1. Question 1 — Ways Android protects your app

• ❌ It ensures embedded security keys cannot be accessed by the device owner.

• ❌ It ensures the user cannot access your app’s secret preferences.

• ❌ It ensures only secure apps can send Intents to your app.

• ✔️ It ensures privately stored app data is not accessible to other apps.

---

2. Question 2 — Security issue in the code

Problems with the code:

• ✔️ May lead to a null pointer exception if “uri” is missing.

• ✔️ May lead to privilege escalation if caller app doesn’t have Internet but your app does (caller leverages your permissions).

• ❌ May lead to buffer overflow.

• ❌ May lead to storing sensitive data on SD card.

Correct: ✔️ Option 1 and ✔️ Option 2

---

3. Question 3 — Why security mistakes happen

• ✔️ Software is inherently complex → mistakes happen.

• ❌ Design patterns always reduce security.

• ✔️ Developers often lack time/resources for secure development.

• ❌ Developers are lazy / don’t care (not true).

• ❌ Small number of unskilled developers introduce all vulnerabilities.

Correct: ✔️ Option 1 and ✔️ Option 3

---

4. Question 4 — When Android creates a Linux user account

• ✔️ When an app is installed

• ❌ When an app is launched

• ❌ When someone sets a passcode

• ❌ When an app requests a permission

Android assigns one Linux UID per installed app.

---

5. Question 5 — What is true on Android?

• ✔️ Apps can declare new permissions.

• ❌ There is a limited set of permissions (you can define custom ones).

• ❌ An app can provide access to a privileged resource to another app (not directly).

• ✔️ An app cannot provide access unless the other app also has the uses-permission.

Correct: ✔️ Option 1, ✔️ Option 4

---

📘 Summary Table

---