Android Security Gets Better with Lollipop
It's reassuring to see Google deploying new and improved security features as its mobile OS matures.Android has been around for years, and it has seen its share of malware, even in Google’s official Play store. Although third-party security vendors had to jump in and come up with a line of defense against ill-intended apps, Google had the inspiration to introduce the Bouncer app-vetting system that kicked malicious apps out of its marketplace.
Increasing demand for new security features encouraged Google to slowly add mechanisms designed to protect against both malicious apps and cybercriminals trying to exploit system vulnerabilities.
Hoping for the Best
Right before KitKat was released, we had our fingers crossed for a few security improvements we hoped would make a difference in the quest for flawless device security. Among our wishes were antivirus scanner APIs, control over individual app permissions, the ability for some apps to survive a full wipe (in case a device is stolen and wiped, antitheft apps should survive), special sandboxing for apps downloaded from untrusted sources, and even separate profiles for business and personal uses.
Of course, all of this seemed a bit much, especially from one distribution to another. Progress takes time, and Google wasn’t in enough of a rush to simply release security features without properly testing them. So, by the time we saw the new Android Lollipop, some of our wishes took a step closer to reality.
One Small Step for Android …
Some of our predictions, such as antivirus scanner APIs, will probably not make it any time soon to Android, but they are likely on some product manager’s roadmap.
New connectivity APIs, though, made their way onto Lollipop, favoring a more seamless communication between Android smartphones and the plethora of Android devices out there such as TVs, smartwatches, and smartbands. While our predictions were half right, Google went a different way by aiming for compatibility with the Internet of Things instead of going for security vendors.
But all is not lost, as security has been upgraded thanks to the default SELinux enforcing mode for all applications, meaning that malware will have a hard time exploiting system vulnerabilities.
Among some of the new security features, there’s now a geo-fencing option (Trusted Places) that allows devices to stay unlocked when inside a trusted perimeter such as your home. It’s a pretty nifty feature that takes away the need to always input your security pin code even at home, as there’s no risk of strangers eyeballing your personal information.
There’s also a new data encryption feature that’s most useful when you’re using an Android device for both personal and business activities, as you can rest assured that your company documents will safely stay undecipherable in case your phone or tablet is lost or stolen. Google has taken into account Bring Your Own Device policies and seems to have added more than just encryption, as support for multiple profiles has also been improved.
The Future’s Bright
While only some of our predictions have come true, it’s heartwarming to see Google deploying new and improved security features as its mobile OS matures. In light of the recent boom in smart gadgets that rely on Android communication APIs to work properly, we just might see more improvements on the security side, now that they’ve got the user interface covered by the new material design.
Liviu Arsene is a Global Cybersecurity Researcher for Bitdefender, with a strong background in security and technology. Researching global trends and developments in cybersecurity, he focuses on advanced persistent threats and security incidents while assessing their impact ... View Full BioWe welcome your comments on this topic on our social media channels, or
[contact us directly] with questions about the site.
More Insights