By now, I think most people know that the new version of Android is 4.4, and is called "Kit Kat". Yes, the candy. Most people thought the next version would be 5.0 and that it would be called "Key Lime Pie". For those not aware, major versions of Android have been named after desserts, in alphabetical order. The next letter would be "K", and the rumor was it would be "Key Lime Pie".
Now that Google has released it, we know more about it. It seems we don't have a lot of new flashy features, but more fundamental improvements.
So, as the focus here is on security, how has security been improved in 4.4?
I think the most important aspect is an effort by Google to address the "fragmentation" issue of Android. For those who don't understand what this is, a little explanation. With PCs, we have a lot of manufacturers making PCs (workstations, laptops, PCs), but all use the Windows OS. While the hardware is different, it's all the same OS, and when Microsoft rolls out a new patch, it gets rolled out to everyone and is installed. But with Android devices, for some reason manufacturers have to make changes to the Android OS to get it to work on their devices. This means new versions are delayed getting rolled out to existing devices, or sometimes never get rolled out. Thus there are devices out there that can be 1, 2 or more versions behind. Not good, as it's not just new features that are missed, but new security features.
So, in an effort to address this, the system requirements for 4.4 are actually lower than those of prior versions. This is called "Android for Everyone". I wonder how this might affect things? There are a LOT of devices out there that aren't on 4.2 or even 4.3 (my phone and tablet are both on 4.1.2). Might this mean that devices that were passed over will get 4.4 now? I hope so.
Another new feature is an extension to NFC (Near Field Communications) to allow for HCE (Host Card Emulation). This means the device can be used for payments, loyalty programs, card access, transit passes, and other custom services. This may add to security issues, so it's something to keep an eye on.
And finally, there are some other security enhancements. SELinux has had its configuration updated from "permissive" to "enforcing". And two more cryptographic algorithms have been added: Elliptic Curve Digital Signature Algorithm (ECDSA) support in the keystore provider, improving the security of digital signing; and the scrypt key derivation function, to protect the cryptographic keys used for full-disk encryption.
So, it remains to be seen how quickly this is rolled out.
Sources for more information:
Tech Republic article