
Principle of least privilege

Possibly one of the most important principles of secure system design is the Principle of Least Privilege.

Put simply, this says that each of the components that make up your system, or app in our case, should be given only the power, information, or resources it needs to perform its assigned task. Nothing more.

Consider a component that has permission to access resources it does not need for its task: for example, an image viewer that is able to read your email or send SMS messages. The component was never designed to do these things (it is just supposed to display an image), but an attacker may still be able to make it do so, perhaps through a carefully crafted malformed image file, and thereby violate the user's privacy or run up a huge phone bill.

If we remove unnecessary privileges from the image viewer it becomes harder for an attacker to exploit bugs in the component.

Android incorporates many technologies that help us apply the Principle of Least Privilege. Some of these require no work on our part, like app sandboxing; others require us to think carefully about the design of our app.
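The part that requires careful design is mostly about what the app declares in its manifest: which permissions it requests, and which of its components it exposes to other apps. The script below is an added example, not part of the course material, that audits a manifest against the principle. It works on a constructed `AndroidManifest.xml` for the image viewer from the text (package name, component names and the custom `USE_THUMBNAILS` permission are all made up for the example), and reports two things: permissions the app requests beyond the set the developer says it actually needs, and components marked `android:exported="true"` that are not guarded by an `android:permission` attribute.

```python
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in every manifest.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest for an image-viewer app (not a real project's manifest).
# It requests two SMS permissions the viewer never needs, and exports an activity
# without protecting it with a permission.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.imageviewer">
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.SEND_SMS" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <application android:label="Image Viewer">
        <activity android:name=".ViewImageActivity" android:exported="true" />
        <service android:name=".ThumbnailService" android:exported="true"
            android:permission="com.example.imageviewer.USE_THUMBNAILS" />
        <receiver android:name=".CacheCleanupReceiver" android:exported="false" />
    </application>
</manifest>
"""

# What the image viewer genuinely needs to do its job (assumption for this example).
NEEDED_PERMISSIONS = {"android.permission.READ_EXTERNAL_STORAGE"}


def _attr(elem, name):
    """Read an android:<name> attribute, or None if absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def requested_permissions(manifest_xml):
    """All permission names the manifest requests via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return sorted(
        _attr(e, "name") for e in root.iter("uses-permission") if _attr(e, "name")
    )


def excess_permissions(manifest_xml, needed):
    """Requested permissions that are not in the set the app actually needs."""
    return sorted(set(requested_permissions(manifest_xml)) - set(needed))


def unprotected_exported_components(manifest_xml):
    """(kind, name) for components explicitly exported without a guarding permission.

    Only an explicit android:exported="true" is considered; a component that is
    implicitly exported by an <intent-filter> on older API levels is out of scope here.
    Content providers may also be guarded by readPermission/writePermission.
    """
    root = ET.fromstring(manifest_xml)
    findings = []
    for kind in ("activity", "service", "receiver", "provider"):
        for comp in root.iter(kind):
            if _attr(comp, "exported") != "true":
                continue
            guards = (
                _attr(comp, "permission"),
                _attr(comp, "readPermission"),
                _attr(comp, "writePermission"),
            )
            if not any(guards):
                findings.append((kind, _attr(comp, "name")))
    return findings


if __name__ == "__main__":
    print("excess permissions:", excess_permissions(SAMPLE_MANIFEST, NEEDED_PERMISSIONS))
    print("unprotected exported components:", unprotected_exported_components(SAMPLE_MANIFEST))
```

On the sample manifest the audit flags `SEND_SMS` and `READ_SMS` as excess (exactly the abilities the text warns the image viewer should not have) and `.ViewImageActivity` as an exported entry point any other app on the device can invoke. Dropping the two `<uses-permission>` lines and either setting `android:exported="false"` or adding an `android:permission` to the activity brings the manifest in line with the principle; the same check can run in CI over the real manifest so privileges do not creep back in.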

This article is from the free online course:

Secure Android App Development

University of Southampton