To understand how reliable data should be protected on an Android device, I want to understand what attacks are possible. I began to write down my knowledge and hope that I get corrections where I am wrong or where something is missing. At first I assume that Google will not be evil, so Ignore the attacks of Google itself.
Each application is signed and runs under its own user identifier, so the application can only read data belonging to it, except that the application creates public storage. In addition, an application that is familiar with the same key can exchange data. If the application wants to receive special rights, such as reading or writing to a calendar or contacts, the user must accept it.
Thus, by default it is a safe design. Unfortunately, each system may have security problems, so the system will be damaged. On desktop systems, regular updates are common practice. On android, it depends on the vendor and with the exception of the Nexus it is mostly bad. Thus, it may be that security holes are open for a long period of time.
So how can you attack an Android phone?
Google can easily uninstall and install applications ( Link ). If someone breaks into this mechanism, an attacker can install arbitrary applications on the device. Not sure if this application automatically has all the rights that it wants to have. This is not happening so far, but it is possible. You can protect your phone by regularly checking all installed applications and rights. This mechanism may be misused by a hacker.
Malicious applications can do a lot of evil things, but if you do not give each application the rights that the applications need and think a little, you can protect your phone.
root. , . . , , .
, , -, . , ( , ).