The Android Platform Security Model

Android is the most widely deployed end-user focused operating system. With its growing set of use cases encompassing communication, navigation, media consumption, entertainment, finance, health, and access to sensors, actuators, cameras, or microphones, its underlying security model needs to address a host of practical threats in a wide variety of scenarios while being useful to non-security experts. The model needs to strike a difficult balance between security, privacy, and usability for end users, assurances for app developers, and system performance under tight hardware constraints. While many of the underlying design principles have implicitly informed the overall system architecture, access control mechanisms, and mitigation techniques, the Android security model has previously not been formally published. This paper aims to both document the abstract model and discuss its implications. Based on a definition of the threat model and Android ecosystem context in which it operates, we analyze how the different security measures in past and current Android implementations work together to mitigate these threats. There are some special cases in applying the security model, and we discuss such deliberate deviations from the abstract model

Executive Power, Drone Executions, and the Due Process Rights of American Citizens

Few conflicts have tested the mettle of procedural due process more than the War on Terror. Although fiery military responses have insulated the United States from another 9/11, the Obama administration’s 2011 drone execution of a U.S. citizen allegedly associated with al-Qaeda without formal charges or prosecution sparked public outrage. Judicial recognition that this nonbattlefield execution presented a plausible procedural due process claim ignited questions which continue to smolder today: What are the limits of executive war power? What constitutional privileges do American citizens truly retain in the War on Terror? What if the executive erred in its judgment and mistakenly executed an innocent citizen? Currently, no legal regime provides answers or guards against the infringement of procedural due process the next time the executive determines that an American citizen must be executed to protect the borders of the United States. The executive remains free to unilaterally target and execute an American citizen via drone strike without the formal process that typically accompanies a death sentence under U.S. law. Protected under the aegis of national security, executive discretion has trumped the procedural due process rights of American citizens. To contextualize these issues of presidential power and procedural due process, this Note first surveys the modern War on Terror by examining the statutory authority enabling drone strikes and the scope of executive warmaking powers. Next, this Note employs the balancing test devised by the U.S. Supreme Court in Mathews v. Eldridge to assess the due process afforded a citizen targeted for extrajudicial drone execution under the executive’s unilateral methodology. Two potential safeguards—ex post and ex ante judicial review of drone strikes—are examined as possible defenses against the unjustified execution of an American citizen. After comparing these two systems of judicial review, this Note details and advocates for the congressional implementation of a narrowly tailored ex ante schema to provide an additional layer of process and reduce the risk of an unfounded drone execution. By lowering the likelihood of an erroneous execution, this precise ex ante legal regime strives to fulfill the procedural due process requirements delineated in Mathews v. Eldridge. This finely tailored ex ante regime mitigates executive discretion while still bending to meet the onerous demands of national security imposed in the modern age of terror