This question is intended for better understanding of security features of Android architecture.
In particular, I want to know what part of the architecture needs to be secure to prevent an attacker from gaining control of the hardware (say speaker, or microphone).
Specifically, is it the Linux Kernel, the Android OS, or the DVM?
Specifically, is it the Linux Kernel, the Android OS, or the DVM?
All of this. And also the firmware.
Bugs in the virtual machine would allow the attacker to change what an application is supposed to do, which is especially a problem if the application is allowed to access the specific hardware. Bugs in the Android OS could mean that an attacker could exploit bugs in privileged applications and thus gain access to the hardware. Bugs in the kernel could mean that separation between processes and also restrictions regarding access to hardware are not properly implemented. And bugs in the firmware might even allow direct manipulation from outside, like from WLAN or bluetooth.
