Device‐to‐device (D2D) communication has emerged as a promising technology for the next‐generation mobile communication networks and wireless systems (5G). As an underlay network of conventional cellular networks, e.g. LTE and 5G networks, D2D communications have shown great potential in improving communication capability, erasing communication delay, reducing power dissipation, and fostering multifarious new applications and services. In spite of these significant benefits, new application scenarios and system architectures expose D2D services to specific security and privacy threats and issues. These issues hinder the success of various D2D services. In this article, we explore a security architecture for D2D communications under the 5G framework. Under this architecture, we investigate potential security and privacy threats and specify security and privacy requirements for designing a security‐ and privacy‐preserving D2D system. The state‐of‐the‐art solutions on security and privacy in D2D communications are reviewed comprehensively and intensively and evaluated under the security architecture. The analysis results show the features and drawbacks of existing works when coping with these security and privacy threats and requirements. Finally, we point out open research issues from the existing works and inspire future research efforts.