Wednesday, November 5, 2014

Security and Android Lollipop

By now people have heard that the next version of Android, up to now being called "L" has a name and version number:  5.0 Lollipop.  It should be going out now to Nexus devices, no idea the schedule for others.

And with any new version of Android, we have to wonder about the security features of it.  Over the last few versions, we've seen Google make Android more secure and more "enterprise ready".  The biggest part of this was integration of some of Samsung's Knox product.  (which is kind of disappointing, as Google had the opportunity to integrate 3LM's work, which came from former Google engineers).

Now we hear there is more security features in Lollipop.

On laptops for several years, one standard security practice has been to do full disk encryption.  As smartphones have been used more and more not just as an adjunct to user's laptops, but as a replacement, we see more smartphones containing information that needs the same level of protection.  Now, encryption will be turned on automatically for new devices.  (tho I do have to wonder if this will include SD cards as well, else that will be a gaping hole).

For those not aware, SELinux is a kernel security mode that added more security access control to Linux.  As Android is based on Linux, it can take advantage of this.  Now SELinux was first introduced into KitKat (4.4), but it has been further integrated into the core of Android (whatever that means).  Android already has the ability to sandbox applications, but the addition of SELinux takes that further, and is something that government agency really want (especially as Blackberry, their previous go-to smartphone, is pretty much dead).

Google Play Services
In prior versions of Android, Google actually starting doing security feature updates thru their Google Play Services.  This is good as this could be more quickly updated, and could almost be seen as similar to AV updates.  This will become more true with Lollipop, as Google Play will be the source for security updates.

Smart Lock
Keeping your smartphone locked is a very basic security practice, but which many don't follow.  So Google is trying to make it easier to use, thus more likely to be used.  This will be done with Smart Lock, which will allow Android to be secured with bluetooth (paired with an Android Wear device or your automobile if it has Android Auto, or even with facial recognition.

Knox integration
As noted, Samsung Knox (or some of it), has been integrated into Android.  The biggest part of this is to allow multiple users to use a single Android device.   This is done by having separate profiles.  So this means one could have a separate profile for parents and children.  For the business user, this means they could have two profiles, one for business and one for personal use.

Articles of interest:

No comments:

Post a Comment