Operating System

These protected APIs include:

Camera functions
Location data (GPS)
Bluetooth functions
Telephony functions
SMS/MMS functions
Network/data connections

These resources are only accessible through the operating system. To make use of the protected APIs on the device, an application must define the capabilities it needs in its manifest. When preparing to install an application, the system displays a dialog to the user that indicates the permissions requested and asks whether to continue the installation. If the user continues with the installation, the system accepts that the user has granted all of the requested permissions. The user can not grant or deny individual permissions -- the user must grant or deny all of the requested permissions as a block.

Once granted, the permissions are applied to the application as long as it is installed. To avoid user confusion, the system does not notify the user again of the permissions granted to the application, and applications that are included in the core operating system or bundled by an OEM do not request permissions from the user. Permissions are removed if an application is uninstalled, so a subsequent re-installation will again result in display of permissions.

Within the device settings, users are able to view permissions for applications they have previously installed. Users can also turn off some functionality globally when they choose, such as disabling GPS, radio, or wi-fi.

In the event that an application attempts to use a protected feature which has not been declared in the application's manifest, the permission failure will typically result in a security exception being thrown back to the application. Protected API permission checks are enforced at the lowest possible level to prevent circumvention. An example of the user messaging when an application is installed while requesting access to protected APIs is shown in Figure 2.

The system default permissions are described at https://developer.android.com/reference/android/Manifest.permission.html. Applications may declare their own permissions for other applications to use. Such permissions are not listed in the above location.

When defining a permission a protectionLevel attribute tells the system how the user is to be informed of applications requiring the permission, or who is allowed to hold a permission. Details on creating and using application specific permissions are described at https://developer.android.com/guide/topics/security/security.html.

There are some device capabilities, such as the ability to send SMS broadcast intents, that are not available to third-party applications, but that may be used by applications pre-installed by the OEM. These permissions use the signatureOrSystem permission.

How Users Understand Third-Party Applications
Android strives to make it clear to users when they are interacting with third-party applications and inform the user of the capabilities those applications have. Prior to installation of any application, the user is shown a clear message about the different permissions the application is requesting. After install, the user is not prompted again to confirm any permissions.

There are many reasons to show permissions immediately prior to installation time. This is when user is actively reviewing information about the application, developer, and functionality to determine whether it matches their needs and expectations. It is also important that they have not yet established a mental or financial commitment to the app, and can easily compare the application to other alternative applications.

Some other platforms use a different approach to user notification, requesting permission at the start of each session or while applications are in use. The vision of Android is to have users switching seamlessly between applications at will. Providing confirmations each time would slow down the user and prevent Android from delivering a great user experience. Having the user review permissions at install time gives the user the option to not install the application if they feel uncomfortable.

Also, many user interface studies have shown that over-prompting the user causes the user to start saying "OK" to any dialog that is shown. One of Android's security goals is to effectively convey important security information to the user, which cannot be done using dialogs that the user will be trained to ignore. By presenting the important information once, and only when it is important, the user is more likely to think about what they are agreeing to.

Some platforms choose not to show any information at all about application functionality. That approach prevents users from easily understanding and discussing application capabilities. While it is not possible for all users to always make fully informed decisions, the Android permissions model makes information about applications easily accessible to a wide range of users. For example, unexpected permissions requests can prompt more sophisticated users to ask critical questions about application functionality and share their concerns in places such as Google Play where they are visible to all users.

Sensitive Data Input Devices

Android devices frequently provide sensitive data input devices that allow applications to interact with the surrounding environment, such as camera, microphone or GPS. For a third-party application to access these devices, it must first be explicitly provided access by the user through the use of Android OS Permissions. Upon installation, the installer will prompt the user requesting permission to the sensor by name.

If an application wants to know the user's location, the application requires a permission to access the user's location. Upon installation, the installer will prompt the user asking if the application can access the user's location. At any time, if the user does not want any application to access their location, then the user can run the "Settings" application, go to "Location & Security", and uncheck the "Use wireless networks" and "Enable GPS satellites". This will disable location based services for all applications on the user's device.

Device Metadata

Android also strives to restrict access to data that is not intrinsically sensitive, but may indirectly reveal characteristics about the user, user preferences, and the manner in which they use a device.

By default applications do not have access to operating system logs, browser history, phone number, or hardware / network identification information. If an application requests access to this information at install time, the installer will prompt the user asking if the application can access the information. If the user does not grant access, the application will not be installed.

Application Signing

Code signing allows developers to identify the author of the application and to update their application without creating complicated interfaces and permissions. Every application that is run on the Android platform must be signed by the developer. Applications that attempt to install without being signed will rejected by either Google Play or the package installer on the Android device.

On Google Play, application signing bridges the trust Google has with the developer and the trust the developer has with their application. Developers know their application is provided, unmodified to the Android device; and developers can be held accountable for behavior of their application.

On Android, application signing is the first step to placing an application in its Application Sandbox. The signed application certificate defines which user id is associated with which application; different applications run under different user IDs. Application signing ensures that one application cannot access any other application except through well-defined IPC.

When an application (APK file) is installed onto an Android device, the Package Manager verifies that the APK has been properly signed with the certificate included in that APK. If the certificate (or, more accurately, the public key in the certificate) matches the key used to sign any other APK on the device, the new APK has the option to specify in the manifest that it will share a UID with the other similarly-signed APKs.

Applications can be signed by a third-party (OEM, operator, alternative market) or self-signed. Android provides code signing using self-signed certificates that developers can generate without external assistance or permission. Applications do not have to be signed by a central authority. Android currently does not perform CA verification for application certificates.

Applications are also able to declare security permissions at the Signature protection level, restricting access only to applications signed with the same key while maintaining distinct UIDs and Application Sandboxes. A closer relationship with a shared Application Sandbox is allowed via the shared UID feature where two or more applications signed with same developer key can declare a shared UID in their manifest.

Digital Rights Management

 

The Android platform provides an extensible DRM framework that lets applications manage rights-protected content according to the license constraints that are associated with the content. The DRM framework supports many DRM schemes; which DRM schemes a device supports is left to the device manufacturer.

The Android DRM framework is implemented in two architectural layers (see figure below):

A DRM framework API, which is exposed to applications through the Android application framework and runs through the Dalvik VM for standard applications.

A native code DRM manager, which implements the DRM framework and exposes an interface for DRM plug-ins (agents) to handle rights management and decryption for various DRM schemes

VISA GIFT CARD

Looking for a great gift idea? Introducing the SECU Visa Gift Card - the perfect gift for anyone on your list no matter what the occasion - birthday, wedding, anniversary, holiday or graduation! The versatility of the SECU Visa Gift Card allows your loved ones to make purchases nearly anywhere Visa cards are accepted. So why waste time trying to figure out their favorite restaurant or store? With an SECU Visa Gift Card, the possibilities are endless! 

The Gift Cards are available in all SECU branches. Gift Cards can be purchased in amounts ranging from $20 to $500 at a cost of just $1 per card! You can also order your Gift Cards online through Member Access. Simply sign in, select the Services tab, click on the Gift Cards link and follow the easy instructions. The fee for issuance and handling of each card purchase online is $2.50. 

So how do these cards work? Although an SECU Visa Gift Card is not a credit card, you use it similar to one. A Personal Identification Number (PIN) is not tied to the card, so choose "credit" when making purchases and the amount will be deducted from the card. It's pretty simple! Cardholders can even check their gift card balance and transaction history by calling the number on the back of the card. 

Visit My Account today to register your Gift Card! Registering your Gift Card allows you to view transaction information and balance. It is important to register your Gift Card in case it is lost, stolen or if you have an unauthorized transaction. Please refer to the Visa Gift Card Terms and Conditions for more information. 

How to Manage Tickets, Gift Cards, and More with Passbook

Passbook is a brand new app in iOS 6 that makes managing your event tickets, gift cards, coupons, loyalty cards, and more super easy. Here's how it works in iOS 6.

How to Add, View, and Use Passes

When you update to iOS 6, you'll see a new icon on your home screen for Passbook. Tap on that to open your list of passes. When you first start, you won't have any, but you'll be able to head to the App Store and buy some if you so desire. If you come upon anything that's compatible with Passbook—say, in mobile Safari—you'll be prompted to add it to Passbook right then and there.

Each card in Passbook is designed to show you all the information you could need at any point in time. Airline tickets have your flight number, your gate, the departure time, and more. Gift cards show your current balance, coupons show the expiration date, and nearly all passes have a scannable bar code so you don't need to worry about bringing along your paper tickets. To delete a card, just press the info button in the lower right-hand corner, and tap the trash can icon.

Get Notifications for Passes As You Need Them

When you bring up a pass, you can tap the info button in the lower right-hand corner to edit its preferences. Each card has two settings: First is Automatic Updates, which allows Passbook to update your gift card balance, airline gate changes, and other information. The second preference is Show On Lock Screen, which will give you notifications when it's time to use that card. If it's an airline or event ticket, for example, it'll send you a notification based on the time, and if it's a gift card or coupon, it'll send you a notification based on your location (i.e., if you walk into a Starbucks, it'll notify you that you have a Starbucks gift card). You can edit Passbook's notification settings under Settings > Notifications, as you can with any other app. Some passes may even integrate with the Reminders and Calendar apps as well.

What Services Support Passbook?

As of this morning, Passbook currently supports Fandango, Live Nation, Lufthansa, MLB.com At Bat, Sephora to Go, Ticketmaster, and Walgreens. We've have seen a number of other companies in demonstrations of Passbook, leading us to believe they'll soon be partners as well—particularly Delta, Starwood Hotels, Starbucks, Apple Stores, and more. To see more, just open up Passbook and hit the "App Store" button to see what's available!