
Android - Designing for Security - 1 - Developer Documentation Translation

Designing for Security
 
Android was designed so that most developers will be able to build applications using the default settings and not be confronted with difficult decisions about security.
Android also has a number of security features built into the operating system that significantly reduce the frequency and impact of application security issues.
 
 
Some of the security features that help developers build secure applications include:
 
1. The Android Application Sandbox, which isolates data and code execution on a per-application basis.
2. The Android application framework, with robust implementations of common security functionality such as cryptography, permissions, and secure IPC.
3. Technologies like ASLR, NX, ProPolice, safe_iop, OpenBSD dlmalloc, OpenBSD calloc, and Linux mmap_min_addr to mitigate risks associated with common memory management errors.
4. An encrypted filesystem that can be enabled to protect data on lost or stolen devices.
 
 
Nevertheless, it is important for developers to be familiar with Android security best practices to make sure they take advantage of these capabilities and to reduce the likelihood of inadvertently introducing security issues that can affect their applications.
 
 
This document is organized around common APIs and development techniques that can have security implications for your application and its users.
As these best practices are constantly evolving, we recommend you check back occasionally throughout your application development process.
 
 
Using Dalvik Code
Writing secure code that runs in virtual machines is a well-studied topic and many of the issues are not specific to Android.
Rather than attempting to rehash these topics, we recommend that you familiarize yourself with the existing literature.
Two of the more popular resources are:
1.http://www.securingjava.com/toc.html
2.https://www.owasp.org/index.php/Java_Security_Resources
This document is focused on the areas which are Android specific and/or different from other environments.
For developers experienced with VM programming in other environments, there are two broad issues that may be different about writing apps for Android:
 
 
Some virtual machines, such as the JVM or the .NET runtime, act as a security boundary, isolating code from the underlying operating system capabilities.
On Android, the Dalvik VM is not a security boundary: the application sandbox is implemented at the OS level, so Dalvik can interoperate with native code in the same application without any security constraints.
 
 
Given the limited storage on mobile devices, it is common for developers to want to build modular applications and use dynamic class loading.
When doing this, consider both the source from which you retrieve your application logic and where you store it locally.
Do not use dynamic class loading from sources that are not verified, such as unsecured network sources or external storage, since that code can be modified to include malicious behavior.
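As an added example (not code from the Android documentation), the following Java class applies the advice above: it loads a plugin class only from the app's private internal storage, never from external storage, and only after the file's SHA-256 digest matches a value pinned at build time. The class name VerifiedPluginLoader, the EXPECTED_SHA256 placeholder and the "plugins" directory names are assumptions for this example.

```java
import android.content.Context;
import dalvik.system.DexClassLoader;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added example (not from the Android docs): load a plugin only after verifying it. */
public final class VerifiedPluginLoader {
    // Hypothetical: hex SHA-256 of the plugin as shipped with the app (placeholder value).
    private static final String EXPECTED_SHA256 = "<sha256-of-trusted-plugin-jar>";

    /** Hex-encoded SHA-256 digest of the file's contents. */
    static String sha256Hex(File f) throws IOException {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            try (InputStream in = new FileInputStream(f)) {
                byte[] buf = new byte[8192];
                int n;
                while ((n = in.read(buf)) > 0) md.update(buf, 0, n);
            }
            StringBuilder sb = new StringBuilder();
            for (byte b : md.digest()) sb.append(String.format("%02x", b));
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on Android
        }
    }

    /** Loads className from a dex/jar in app-private storage; null if verification fails. */
    public static Class<?> loadVerified(Context ctx, String pluginName, String className)
            throws IOException, ClassNotFoundException {
        // getDir(..., MODE_PRIVATE) lives under the app's own UID, so other apps
        // cannot read or replace the file (unlike external storage).
        File pluginDir = ctx.getDir("plugins", Context.MODE_PRIVATE);
        File plugin = new File(pluginDir, pluginName);
        if (!plugin.getCanonicalPath().startsWith(pluginDir.getCanonicalPath() + File.separator)) {
            return null; // pluginName tried to escape the private directory
        }
        if (!EXPECTED_SHA256.equals(sha256Hex(plugin))) {
            return null; // file was modified or is not the plugin that was shipped
        }
        // The optimized-dex directory must be private too: it is also executable code.
        File optDir = ctx.getDir("plugins_opt", Context.MODE_PRIVATE);
        ClassLoader loader = new DexClassLoader(plugin.getAbsolutePath(),
                optDir.getAbsolutePath(), null, ctx.getClassLoader());
        return loader.loadClass(className);
    }
}
```

A pinned digest means a plugin update requires an app update; a signature check over the plugin would relax that, at the cost of more code.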
 
 
Using Native Code
In general, we encourage developers to use the Android SDK for most application development, rather than using native code.
Applications built with native code are more complex, less portable, and more likely to include common memory corruption errors such as buffer overflows.
 
 
Android is built using the Linux kernel, and being familiar with Linux development security best practices is especially useful if you are going to use native code.
This document is too short to discuss all of those best practices, but one of the most popular resources is "Secure Programming for Linux and Unix HOWTO", available at http://www.dwheeler.com/secure-programs.
 
 
An important difference between Android and most Linux environments is the Application Sandbox.
On Android, all applications run in the Application Sandbox, including those written with native code.
At the most basic level, a good way for developers familiar with Linux to think about it is that every application is given a unique UID with very limited permissions.
This is discussed in more detail in the Android Security Overview, and you should be familiar with application permissions even if you are using native code.
 
 
Storing Data
Using internal files
By default, files created on internal storage are only accessible to the application that created the file.
This protection is implemented by Android and is sufficient for most applications.
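An added example, not from the Android documentation, showing a file written with MODE_PRIVATE and a check that the resulting file is owned by the app's own UID with no "other" permission bits; PrivateFileStore and its method names are assumed, and the stat check needs API level 21 (android.system.Os).

```java
import android.content.Context;
import android.system.ErrnoException;
import android.system.Os;
import android.system.OsConstants;
import android.system.StructStat;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/** Added example (not from the Android docs): an app-private file on internal storage. */
public final class PrivateFileStore {
    private PrivateFileStore() {}

    /**
     * Write to internal storage. MODE_PRIVATE is the default sandbox protection:
     * only this app's UID can open the file. MODE_WORLD_READABLE/WRITEABLE were
     * deprecated in API 17 and throw SecurityException from API 24 (Android N).
     */
    public static File save(Context ctx, String name, String contents) throws IOException {
        try (FileOutputStream out = ctx.openFileOutput(name, Context.MODE_PRIVATE)) {
            out.write(contents.getBytes(StandardCharsets.UTF_8));
        }
        return ctx.getFileStreamPath(name);
    }

    /**
     * Sanity check of the sandbox guarantee: the file must belong to our UID and
     * carry no "other" permission bits. Group bits are allowed because Android
     * creates internal files as 0660 with the app's own private group.
     */
    public static boolean isPrivateToThisApp(File f) {
        try {
            StructStat st = Os.stat(f.getAbsolutePath());
            boolean ownedByUs = st.st_uid == Os.getuid();
            boolean noOtherAccess = (st.st_mode & OsConstants.S_IRWXO) == 0;
            return ownedByUs && noOtherAccess;
        } catch (ErrnoException e) {
            return false; // missing file or stat failure: treat as not safe
        }
    }
}
```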
 
 
Use of world writable or world readable files for IPC is discouraged because it does not provide the ability to limit data access to particular applications, nor does it provide any control on data format.
As an alternative, you might consider using a ContentProvider which provides read and write permissions, and can make dy