Android Lollipop Security Features
Posted by ISL Admin on Παρασκευή, Οκτωβρίου 31, 2014 with No comments
Google is reportedly offering data encryption in its upcoming Android platform – Android L(ollipop), by default. Though Google has been providing data encryption capability since past three years, it had been kept optional. The company assures users that keys/passcodes are not stored online or anywhere off your device, so Google has no way to share them. It is, however, widely accepted that majority of the users were unaware of this option. Hence, now users don’t even have to bother about turning it on, with default settings in place. The new security strategy comes hot on the heels of Apple announcing that users' data on iOS 8 is protected by passwords that even Apple cannot access. Expanded deployment of encryption by Google and Apple, however, will have the most direct impact on law enforcement officials, who have long warned that restrictions on their access to electronic devices make it much harder for them to prevent and solve crimes. Google does not have the ability to deliver its updated operating system, called the “L-release,” quickly to most users. Several different manufacturers make smartphones and tablets that use the Android operating system, and those devices are sold by many cellular carriers worldwide. This results in what experts call “fragmentation” – meaning there are hundreds of different versions of Android worldwide, many several years old, making it difficult to keep them current with the latest security features. The newest Android devices will likely ship with default encryption in a few days, but it will take many months and probably years before most Android devices have encryption by default.
The latest version of the mobile OS has amped up its deployment of Security Enhanced Linux (SE Android) in order to bring security policy enforcement to the kernel level, and has also switched device encryption on by default.
“You can authorize apps with high-level permissions and deep down they’re being granted a lot more access than necessary. With SE Android, Google is expanding and getting more fine-grained controls and containment,” said Zach Lanier, senior security researcher with Duo Labs, the research division of Duo Security. With SE Android, you’re much closer to having a real sandbox.
SE Linux has been in Android since version 4.4, but now all application enforcement is being pulled into the OS kernel. Google lead security engineer for Android Adrian Ludwig said this makes security auditing and monitoring easier on the device.
“With Android 5.0, SELinux Enforcing mode is required for all applications on all devices,” Ludwig said. “Multiple vulnerabilities have been prevented since we first introduced SELinux last year; by strengthening it even more, Android becomes a top choice for enterprise customers that have really strict security standards, such as the government.”
There are also rumors about multiple accounts per device, that would allow users to separate business form personal functions. The new Android for Work solution (which incorporates Samsung KNOX features) will address these issues by creating an encrypted storage and a virtual environment, basically, a smartphone inside a smartphone. After launching Android for Work, a user will see a “business home screen” with company-approved apps and can perform his/her duties using encrypted data and an encrypted Internet connection. One click ― and his/her personal home screen and apps are back. Private and work-related apps and data are fully isolated, e.g. the company email app cannot read users’ personal address book or photo library, and vice versa.
Google developers briefly mentioned something called Universal Data Controls, a centralized tool helping a user identify items like which apps, what kind of his/her personal data and what should be blocked for an individual’s smartphone. Unfortunately, there are few details on the subject. We will have to wait a few more days to take a closer look at this function.
If you're buying a Nexus 6 or Nexus 9, you can get Android Lollipop from November 3rd (if you're in the UK, you'll be able to pre-order in November and receive your phablet or tablet within a few weeks). But if you already have a Nexus 5, 7 or 10 you should get it in a free over-the-air update in the "coming weeks" according to Google's blog.
The latest version of the mobile OS has amped up its deployment of Security Enhanced Linux (SE Android) in order to bring security policy enforcement to the kernel level, and has also switched device encryption on by default.“You can authorize apps with high-level permissions and deep down they’re being granted a lot more access than necessary. With SE Android, Google is expanding and getting more fine-grained controls and containment,” said Zach Lanier, senior security researcher with Duo Labs, the research division of Duo Security. With SE Android, you’re much closer to having a real sandbox.
SE Linux has been in Android since version 4.4, but now all application enforcement is being pulled into the OS kernel. Google lead security engineer for Android Adrian Ludwig said this makes security auditing and monitoring easier on the device.
“With Android 5.0, SELinux Enforcing mode is required for all applications on all devices,” Ludwig said. “Multiple vulnerabilities have been prevented since we first introduced SELinux last year; by strengthening it even more, Android becomes a top choice for enterprise customers that have really strict security standards, such as the government.”
There are also rumors about multiple accounts per device, that would allow users to separate business form personal functions. The new Android for Work solution (which incorporates Samsung KNOX features) will address these issues by creating an encrypted storage and a virtual environment, basically, a smartphone inside a smartphone. After launching Android for Work, a user will see a “business home screen” with company-approved apps and can perform his/her duties using encrypted data and an encrypted Internet connection. One click ― and his/her personal home screen and apps are back. Private and work-related apps and data are fully isolated, e.g. the company email app cannot read users’ personal address book or photo library, and vice versa.
Google developers briefly mentioned something called Universal Data Controls, a centralized tool helping a user identify items like which apps, what kind of his/her personal data and what should be blocked for an individual’s smartphone. Unfortunately, there are few details on the subject. We will have to wait a few more days to take a closer look at this function.
If you're buying a Nexus 6 or Nexus 9, you can get Android Lollipop from November 3rd (if you're in the UK, you'll be able to pre-order in November and receive your phablet or tablet within a few weeks). But if you already have a Nexus 5, 7 or 10 you should get it in a free over-the-air update in the "coming weeks" according to Google's blog.
0 comments:
Δημοσίευση σχολίου