While we all welcome new releases of Android with general excitement and a little bit of consternation — when will it be available for MY PHONE? — there’s more to the release of 4.3 than smart profiles, dial pad auto-complete, updated keyboard input, a new camera UI, and a variety of other features that you can view and interact with (there are a lot more than the measly list I’ve just provided, btw).
What Google did in addition to what you can see, is what you can’t see: a universal app-scanning system. The new system watches your device for any new application, even one loaded directly onto the device (“sideloaded”) from outside of the Google Play Store, and instantly checks the app for malicious or potentially harmful code. AppBrain Store and Amazon App store, and even .apk’s you make or get from your friends. If you can get the file onto your 4.3 operating system Android phone, you get universal scanning.
Google initially launched the feature, known as Verify Apps, with Android 4.2 last November. Since then, Google has made it automatically available to every device running Android 2.3 or higher (or about 95% of all Android phones).
Some features of this new (well, “better stronger faster” version of the verify code they’ve had before) security feature includes the addition of a security extension known as SELinux—short for Security-Enhanced Linux—to reinforce Android’s current hack-mitigation model. Android runs apps inside a “sandbox” that restricts the data they can access and isolates code they can execute from other apps and the operating system as a whole. Linux is built and run on something called discretionary access controls, which is a fancy way of creating access levels for things that run on your phone and keeping them to their approved secure level; like a key card in an office building where people on the first floor just cannot get into the fourth floor with their key card, but can do everything they need to do on the first floor without issue. This prevents the pilfering of sensitive passwords by a rogue app a user has been tricked into installing or by a legitimate app that has been commandeered by a hacker.
Google’s new system has benefited even me, security girl, personally. Despite suspenders and a belt – Lookout Mobile Security and Sophos Naked Security installed on my phone – I received a verify alert on a live wall paper I’d updated; it had passed several checks prior, but apparently in the fourth update code had been introduced that was considered malware. Even software that you trust and have used extensively can fall prey to sloppy coding that can open holes in security that can make them seem indistinguishable from actual malware (and make you just as vulnerable).
But back to SELinux: originally developed by the National Security Agency, SELinux allows varying levels of trust to each app and dictates what kind of data an app can access inside its confined domain. Given recent concerns about NSA privacy issues, and the fact that Google seems likely to spit blood rather than directly introduce new spying technology to its flagship operating system, I’m willing to not worry about this update and take its pedigree as originating with the NSA as a positive; ie: our best minds are working on it (rather than say, listening in on a call from Grandma in Europe).
Another change in favor of security has been made to the Android Key Chain. The Key Chain stores digital certificates used to access Wi-Fi networks and virtual private networks, including those for major corporations or the government (or just the people next door from whom you “borrow” access now and again). A big risk with this type of storage on your phone is that if your phone is stolen or lost, those credentials are available to anyone who finds it/takes it and has the skill to root your phone and/or use available tools (out there in the wild) to make the most of your security loss. This is a huge concern if, say, you’re a Secret Service Agent.
Effectively, Google has changed the coding for the Android Key Chain to reduce exposure if someone unfriendly gets your phone. I could go more indepth about what they did – securing encryption and security to hardware on the phone rather than as it currently exists with just the software – but I’m falling asleep here just trying to tell you about it, so go with me: its more secure.
Enhancements to the Android Keystore, a similar resource to the Key Chain that also stores credentials, allows users to create keys that can be accessed and used exclusively by a single application–sort of like the keys that can be generated for single applications if you use 2 step Authorization for your Google Account. Under version 4.3, apps can create or store private keys that cannot be seen or used by other apps, which is good if you have one rogue app already playing in its own sandbox (through SELinux) and therefore unable to access/see any other application permissions/passwords/super secret fuzzy bunnies.
Profiles, which are awesome if you want to hand your phone off to a kid and let them go crazy without worrying they’ll use the Chrome app to look up porn are also part of the overall security package available in 4.3. Each restricted profile offers an isolated and secure space with its own local storage, home screens, widgets, and settings – this means that in addition to Timmy not being able to access Netflix’s R rated offerings, anything that he does cannot affect anything in any other profile from a security perspective as well as from a “what the heck did you kids do to my home screen?” perspective. Note: profiles does not protect your phone from jelly covered fingers.
Finally, 4.3 secures WiFi connections and credentials with better encryption that was used before. This means, in security speak, that Google has reduced attack surfaces into your phone or tablet, both when connecting to WiFi and when using headsets or other devices that work with your Android devices that might have, in the past, been more easily compromised by people seriously looking to rain on your Android loving parade.
What all these changes mean to you is that on the Play Store side, if something is flagged as problematic, it won’t be published (as usual). On your device, if a red flag comes up — even just for something as seemingly innocuous as an app that might send SMS messages on your behalf without your knowledge — the security system will warn you and recommend you avoid proceeding with whatever you’re doing, from installing to granting further permissions you might not wish to grant.
As always, to help Google keep your device secure, always lock your device (Settings -> Security), install anti-virus, use encryption (Settings -> Security -> Locations and Security, set Data encryption), never download apps from an untrusted source (even if you’re friend totally recommends it, go to the site and download there and not from a shared apk and then only from a site you know and trust), and always check app permissions (if it’s an app that makes a clown dance on your screen, it probably doesn’t need access to your passwords, contact list, internet connection, mother’s maiden name, etc.).