In this part I will be talking about the security on Android. One thing that security phones have all the same is that they all run a versions of google Android operation system. However, building on a Android is much easier then building a smart phone OS from scratch. Android got many features that in a way keeps your phone safe, an example of a softwear is Google play protect.Google play protect help work to keep the phone safe and all the Apps and data safe as well. It scans the device and is always making improvement to make sure that it stays safe. A way that it does this is that if you’ve misplaced your device, find my device have you covered. One way that it does this is that you can locate your device by signing into your google account, and even call it directly from the web. With safe browsing protection in Chrome, you can browse with confidence. If you visit a site that’s acting out of line, you’ll be warned and taken back to safety. Is Google Play secure. the security system never sleeps. Google Play Protect continuously works to keep your device, data and apps safe. it actively scans your device and it constantly improving to make sure you have the latest in moblie security. There are other parts of the application is that Asurion has implemented measure to keep protecting against the unauthorized access. loss, misuse and alteration of the technical data and your P11. Asurion utilizes security measures and encryption technology to help protect the integrity of the Technical Data and your P11.However what is meant by protected apps is feature in the Android world like cyanogen OS which hides selected apps from the main page. Making them hard to be accessed by an a other person. With safe browsing in Chome, you can browse with a safe mind. If you visit a site that’s acting out of line, you’ll be warned and taken back to safety. this is one of the features that it has got to secure your phone. Google Play Protect, which scans all apps for malware before and after you install them, is automatically enable on your device. to see more about Play protect: open you device’s google Play store app. tap menu play protect icon. Android’s has recently released a version called Oreo update pack with features such as, including a battery life boost and a notifications rethink. Moreover Oreo’s most important improvements will happen not on the phone but with the systems. With a whole host of security update designed to evolve with ever expanding threats. It stops ransomware to blocking malicious apps and easing Android’s longstanding problems. The System Oreo tackles some big problem. For the security developers who work with the system, through, it’s just one more step on a journey that doesn’t end. With more than a billion active users using the device, the majority of them not on the latest or recent version. Android presents a preferred target for hackers. Stopping them takes quite a yearly unharness. It takes the type of longview, holistic effort that Google has utilized for years. Android’s recently update packs in many options, as well as electric battery life boost and a notifications rethink. however Oreo’s most significant enhancements can happen behind the scenes, with a number of security updates designed to evolve with ever-expanding digital threats. From halting ransomware from blocking malicious apps and Android’s problems. Take google Play protect, part of Android security’s detection and reaction infrastructure, which scans device for suspicious app activity. With over 20 billion apps scanned per day. The app scanning that goes into Play Protect has existed in the system under other names for years, but Android Security surfaced the mechanism for customers this year and has used it to do a new type of visibility research such as. Android data scientist Megan Ruthven and others have developed techniques for detecting distribution of extremely targeted malware, the type that might be narrowly distributed to high-value marks. So far, Ruthven’s research has turned up 3,000 unique samples of malware, each with an average of just 130 users affected. This ability to detect such a faint signal helps protect each individual user, while also allowing Android Security to spot nascent threats early.Android’s scanners don’t catch everything, though, and researchers still regularly find malicious software that has made it past Google’s protections to land in the Play Store this is the course of the system that can catch this. In August alone, third-party analysts discovered hundreds of compromised financial apps, spyware, and even apps that spread malware to build Android and power DDoS attacks. Despite those recent Problem, the dangers of downloading apps from third-party app stores far exceed those posed by mainstream apps in Google Play but on the other hand there are apps that can be download from the internet so you would not need the Android system to download. So Android Security implemented  a small but large amount of changes in Oreo, aimed at regularly reminding users about what types of apps they’re downloading. For example, in previous versions of Android a user could enable downloads from outside of Google Play through a setting called Unknown Sources. Beginning with Oreo, users now receive a prompt to confirm that they want to download any Unknown Source app before doing so, as a more salient reminder to proceed with caution. Android Security also takes a broad view.In the case of mobile ransomware, a small but growing type of attack keeps on happening, Android already had some defense advantages because it looks at every app into a sandbox, rather than letting them all run together in an open environment. As a result, Android can contain malicious activity more effectively than a more open platform like Windows this is because that they always run the softwear that looks into this. While tracking 30 families of Android ransomware, the team discovered versions that exploited flaws to block users from accessing their phone at the lock screen, through visual overlays, and by encrypting some data so that they can not access it.The team also says that to this point it has still never seen ransomware that can render an Android device completely unusable in a way that the user would not be able to use the phone. Android Security has already worked to bring a number of big device makers on to a monthly update schedule, where they all come together to find out the finding of a attake on the system. which has helped improve fragmentation a bit. The effort has a number of limitations, though only a few models end up getting regular updates. So Oreo is working to address the tension head-on with a new feature called Project Treble. Make Android easier to update regardless of device and carrier, by segmenting Android’s code into portions that interact with vendor-specific attributes and portions that deal with the more general, platform agnostic operating system. Ideally, that makes it possible to push software updates to the core Android component of every device without dealing with vendor-specific incompatibilities. Manufacturers could also ship updates for their tailored portions of the code. Though many security features are conceptually broad to protect against a variety of both present and future unknown threats, Android Security developers note that they have some additional foresight into where attackers will focus simply because they know where they have already bolstered their defenses and made attacks impractical. in practice, here’s how that plays out In 2010 only about 4 percent of Android bugs targeted the kernel which is a system the central coordinator of an operating system. By 2015 the number was up to 38 percent, because security enhancements had cut off easier routes for attackers so they cant get into it. The Security team can’t make certain of what attacks can spike within the future, and oero can offer them a leg up regardless. however no matter is up next, the team will not be waiting till the massive 2018 unleash to combat it and make safe. In a moblie security, a sandbox may be a security mechanism for separating running programs, sometimes in a trial to mitigate system failures or software package vulnerabilities from spreading. it’s typically accustomed execute untested or untrusted programs or code, probably from unproved or untrusted third parties, suppliers, users or websites, while not risking hurt to the host machine or OS. A sandbox usually provides a tightly controlled set of resources for guest programs to run in, like scratch area on disk and memory. Network access, the flexibility to examine the host system or scan from input devices area unit sometimes disallowed or heavily restricted in the system. In the sense of providing an extremely controlled setting, sandboxes could also be seen as a particular example of virtualization. Sandboxing is usually wont to take a look at unproved programs that will contain a scourge or different malicious code, while not permitting the software package to hurt the host device Android has intrinsic security measures that considerably cut back the frequency and impact of application security problems. The system is meant in order that you’ll be able to generally build your apps with the default system and file permissions and avoid troublesome choices concerning security.The core Security features can help you build secure the apps the android application sandbox, which isolates your app data and code from other apps so that they don’t look the same. An application framework with implementation of common security such as cryptography, and a secure IPC. The technologies like ASLR, NX, propolice and opnen BSD. An encrypted flie system that can be enabled to safeguard information on lost or taken devices. User-granted permissions to limit access to system options and user information. Application-defined permissions to manage application information on a per-app basis. it’s necessary that you simply be aware of the automaton security best practices during this document. Following these practices as general writing habits reduces the probability of unwittingly introducing security problems that adversely have an effect on your users. In a Java artificial language and development surroundings, the sandbox is that the program space and set of rules that programmers got to use once making Java code referred to as an applications programme that’s sent as a part of a page. Since a Java applications programme is shipped mechanically as a part of the page and might be dead as presently because it arrives, the applications programme will simply do hurt, either accidentally or because the results of malicious intent, if it’sallowed unlimited access to memory and software system services. The sandbox restrictions offer strict limitations on what system resources the applications programme will request or access. The sandbox is enforced not solely by requiring programmers to adapt to bound rules however additionally by providing code checkers. The Java language itself provides options admire automatic memory management, garbage pickup, and also the checking of address ranges in strings and arrays that inherently facilitate to ensure safe code. additionally, Java includes a compiled code Java’s compiled code is thought as bytecode friend that guarantees adherence to bound limitations. Java additionally provides for a neighborhood name area inside that code is also restricted. The Java virtual machine the layer that interprets the Java bytecode for a given pc platform additionally mediates access to system resources and ensures that sandbox code is restricted. To conclude these safety features square measure there create safe your mechanical man phone by doing all the items that’s mentioned within the on top of and mechanical man attempt to make it easier for the top user to travel there day to day life.Moreover the sandbox program is often used to execute untested or untrusted program and the code that runs the program, possibly from unverified or untrusted third parties, suppliers, users or websites that run the same thing because without risking harm to the host machine or operating system. The app sandbox is an access control technology provided in macOS , the enforced at the kernel level. It is designed to contain damage to the system and the users data if the app becomes compromised it. Apps distributed through the Mac app store must adopt app sandbox that covers it.  sandbox is a set of fine-grained controls that limit the app’s access to files, preferences, network resources, hardware, and so on. As part of the sandboxing process, the system installs each app in its own sandbox directory, which acts as the home for the app and its data likewise it also help apple in a way that security technique that acts as a last line of defense against exploited, buggy, or otherwise compromised applications, which Apple is implementing to ensure programs distributed through the Mac App Store are as safe and secure as possible so in a way it help both way to make sure that it doesn’t effect everything.  However Android seem to have a big problem with the security such as it reputation isn’t correct and how people view IOS. This is one of the main reason that Google had made a feature of all androids apps which is the sandbox application. A way that they do this is also a perspective of the Linux Kernel which makes the phone get information on who is using is from a distinct use or a robot. The reasons of this is that they only have one real physical user.Sandbox also creates permission where it defines as few permissions as possible while satisfying your security requirements, by creating the new permission is not uncommon for application that are in the play store as they already been check by Google to see it they gather information such as bank details or personal information about the user that is using the device. It does this declaring the application manifest using a code element. Application wanting to do the same can do so by reference it by each adding the same code element in there element. The ways that it does this are the permission has to have a string that always expresses to the persons security decision that they have required to make. Also after that they also need a permission string to have a localised language for example if the users is the UK the language would be English. Then the users may have to choose not to install the application is they don’t want to and can also denial of the permission to have accesses to the file. Then lastly the application has to request the permission when the creator of the permission has not been installed. For the developer these step can poses a big nontechnical challenge for the developer and also confusing the users that why android discourages the use of big permission level as they don’t want to use to feel scared.Using the network transaction are inherently risky for the security because it involves sending data that is pervade to the user such as personal details and banking information. They are increasingly aware of the privacy concerns of a mobile phone, why it that when devices perform network transaction, so its also very important that the application all best practices to keeping the users information safe at all cost. Lastly handling user data in general, the best practices for the user data security is to minimise the use of a APIs that can be used to access sensitive or personal user data. Unknown to have access to the users data can avoid that fact to storing or transmitting it. For example the application might use of hash email address as the email that is key to avoid transmitting. This helps reduce the chances of a exposing data, and makes the chance of an attack less due to the fact that they would not be able to have access to the right information.