Android KitKat Security Teardown: 4 Hits, 1 Miss - InformationWeek
11:11 AM

Android KitKat Security Teardown: 4 Hits, 1 Miss

Google sweetens Android with SELinux, plus anti-rootkit technology that makes life difficult for malware -- but also for Android modders.

4. Per-User VPN

Another security improvement is the inclusion of a VPN which -- on multiuser devices, meaning tablets -- can be applied on a per-user basis. "This can allow a user to route all network traffic through a VPN without affecting other users on the device," according to Google.

But there is a caveat. "The downside is that -- from what we see with the AOSP build -- VPN settings are only available for the first tablet user, while other users have to do without VPN at all," according to BitDefender.

5. Finally, Individual App Permission Controls -- Not

One notable omission from Android 4.4 was the promised ability to review the permissions being used by apps, and to revoke them on an app-by-app basis.

"Back in Android 4.3, Android introduced a feature that was supposed to let users individually deny or allow permissions for every application installed on the device," according to BitDefender. "The feature, buried inside an activity called App Ops, was something both average users and security companies have been demanding for years and it would have been for sure nice to have it introduced in KitKat."

Now, however, App Ops appears to have been excised completely, following an Aug. 2, "completely remove app ops activity" change to the Android code base made by Google.

A Google spokeswoman didn't immediately respond to an emailed request for comment on the status of the App Ops feature.

Numerous Security Upsides

The uncertain status of App Ops notwithstanding, the KitKat security enhancements are good news for Android fans. As always, users of older Android devices may have to wait for weeks or months -- or forever, in the case of some particularly laggard carriers and manufacturers -- to see a KitKat update for their devices. But everyone else, including buyers of many new Android smartphones and tablets, will get KitKat installed by default, and from a security standpoint, benefit accordingly.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
1/4/2015 | 1:06:37 PM
My "smart phones" have been hacked, so to speak, for 2 months now. Someone managed to set up an Advanced VPN in our devices and complete factory resets do not get them out. They are using the IP addresses. I had no idea these devices were so easy for someone to overtake. I've spent hours on the phone trying to get someone to track the hackers rather than simply flash the devices.
User Rank: Strategist
11/6/2013 | 3:09:43 AM
re: Android KitKat Security Teardown: 4 Hits, 1 Miss
I'm glad to see Android get smarter about security. It needed to.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll