Google Releases 7 More Security Features for Android Devices:
Google released the latest iteration of the Android mobile OS, Android 4.3 Jelly Bean, last week. A first look at the new version gives the impression that not much has changed, but the difference shows when you look under the hood. Google’s ‘sweeter Jelly Bean’ is a lot safer and more secure than its predecessor thanks to additional security features and the introduction of Restricted Profiles. In addition, there is now support for Bluetooth Smart and for Wi-Fi configuration on WPA2-Enterprise networks, making it a lot harder for criminals to exploit the software. Below are some of the biggest changes that we saw in Android 4.3.
The biggest and most controversial change in Android 4.3 is the introduction of SELinux, which can address some gaps in the security structure of the OS and limit the damage if it is exploited by malicious content. It does so by reinforcing the existing UID sandbox so that there is a clear separation between different apps.
So why is this controversial? It has to do with the history of SELinux, more specifically its primary development. SELinux was originally developed by the NSA, an agency that is not having its best days following the leak of details about PRISM and how it was snooping on people without any regard for their rights and their freedom. So naturally, anything linked to the NSA at the moment makes people nervous. But it is worth pointing out here that SELinux is open source, so it doesn’t have any piece of code hidden in its patches that allows a backdoor for the government. Also, the NSA has had very little to do with SELinux in the past few years: it was integrated into Linux in 2003, and since then Linux developers have been responsible for most of the updates and changes to the code.
Keychains and Keystores:
Android 4.3 has added a new mechanism that allows developers to bind encryption keys to a specific piece of hardware. This lets them create a private store for private keys, from which the keys cannot be exported to another device. A similar functionality allows apps to generate exclusive keys that can only be used by that app and cannot be seen by other apps.
So what’s so good about this? This security measure makes sure that even if your Android device is hacked, the hackers won’t be able to use or download your encryption keys and use them to make system calls.
In most Unix-based operating systems like Android and Linux, a program that has the setuid bit set can usually make changes at a system level and gain root access. This means that a setuid program can perform privileged operations and make changes wherever it wants. Most hackers use this setuid structure to exploit many devices.
But in the new Android, the system area containing the operating system programs (the /system partition) has been cut off so that normal Android apps, even with a setuid flag, may not be able to make changes. In programming jargon, the /system partition is now mounted as nosuid.
Android 4.3 allows third-party apps to configure the Wi-Fi credentials required for connecting to WPA2-Enterprise access points. Apps can now use Android system calls to customize Extensible Authentication Protocol (EAP) and Encapsulated EAP (Phase 2) credentials so that they can connect using the authentication methods used in the enterprise.
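One way to check the nosuid setting described above is to read the mount table and see which mount governs a given file. The following is an added example, not code from the original article; the device names and file paths in the sample mount tables are constructed for illustration.

```python
# Added example: given the text of /proc/mounts, decide whether a setuid bit
# on a file would be honoured. Sample tables below are constructed.
import re

def parse_mounts(text):
    """Return [(mount_point, {options})] for each line of /proc/mounts text."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        # /proc/mounts writes space, tab, newline and backslash as \ooo octal
        point = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
        mounts.append((point, set(fields[3].split(","))))
    return mounts

def governing_mount(mounts, path):
    """Pick the mount whose mount point is the longest prefix of path.
    A later line wins a tie, because a later mount shadows an earlier one."""
    best = None
    for point, opts in mounts:
        prefix = point.rstrip("/") + "/"  # so /system does not match /systemfoo
        if path == point or path.startswith(prefix):
            if best is None or len(point) >= len(best[0]):
                best = (point, opts)
    return best

def setuid_honoured(mounts_text, path):
    """True if the mount holding `path` lacks nosuid, so setuid takes effect."""
    entry = governing_mount(parse_mounts(mounts_text), path)
    if entry is None:
        raise ValueError("no mount covers " + path)
    return "nosuid" not in entry[1]  # exact option match, not a substring test

# Constructed sample: /system without nosuid, then with it.
BEFORE = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/example-system /system ext4 ro,relatime,data=ordered 0 0
/dev/block/example-userdata /data ext4 rw,nosuid,nodev,noatime 0 0
"""
AFTER = BEFORE.replace("/system ext4 ro,relatime", "/system ext4 ro,nosuid,relatime")

if __name__ == "__main__":
    target = "/system/bin/example_tool"  # hypothetical file name
    for label, table in (("before", BEFORE), ("after", AFTER)):
        print(label, "setuid honoured:", setuid_honoured(table, target))
```

On a device, the same functions can be fed the output of `cat /proc/mounts` captured from the process of interest.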
Additional Security Features:
The above-mentioned changes are exclusive to Android 4.3, but Google has also released two significant security updates for all devices running Android 2.3 or later.
First off, Google has moved the Verify Apps feature, which scans apps for potential malware, from the OS to Google Play. The feature will now check all apps being installed from third-party app stores or from direct .apk files, in addition to the official Google Play store.
Secondly, Google is finally releasing an app called Android Device Manager, which will act as a lost-phone app and will allow users to remotely manage, block, locate or even wipe their lost devices.
The new Android 4.3 is indeed a sweeter jelly bean, as it provides its users with a greater security blanket so that they do not become a target for hackers. Overall, a great update!
[Via: Android Authority]