Along with support for Bluetooth Smart and Restricted Profiles Google has added some stronger security features to the latest release of the Android mobile operating system. Android 4.3 Jelly Bean, which Google is calling “a sweeter Jelly Bean”, adds support for Wi-Fi configuration on WPA2-Enterprise networks as well as a variety of internal changes that make it more difficult for hackers (and the NSA) to exploit security vulnerabilities.
The seemingly most controversial change to Android 4.3 is the activation of SELinux. It is seen as a controversial move due to its links with the NSA. Since the NSA isn’t getting much good press at the moment, people are incorrectly linking the SELinux project, the NSA and fears about snooping. It is true that the NSA was the original and primary developer of SELinux but that is almost irrelevant today. Some key points to remember are that the SELinux patches are open source and not some secret code inserted by the U.S. government; that SELinux has been integrated into Linux since 2003 meaning it has been used by various Linux distributions for nearly a decade now; and that other companies such as Red Hat have made major contributions to SELinux. If you are still undecided you should read Yes, the NSA contributed code to Android. No, you don’t have to freak out about it and NSA? Break out the tinfoil hats for more background information.
Fear, uncertainty and doubt (FUD) aside, SELinux is designed to address the gaps in the Android’s security model and limit the damage that can be done by flawed or malicious apps. It does this by reinforcing Android’s existing UID based sandbox and guarantees separation between apps. It is however worth noting that as of Android 4.3 the SELinux implementation runs in ‘permissive mode’ rather than the more stringent enforcing mode. However Google will likely enable the enforcing mode somewhere later down the road.
Android 4.3 adds new system calls that allows developers to bind encryption keys to a certain piece of hardware. This means that a private store can be created to hold private keys which can not be exported to another device, even if the device is compromised. Along with the new KeyChain system calls, Google has added a functionality that allows apps to create exclusive-use keys that can only be used by that app and can’t be seen or used by other apps. These keys can also benefit from the same enhanced security features like binding them to a specific device.
What this means is that even if a security vulnerability is discoverer in Android and exploited, hackers can’t download and use any encryption keys stored on the device using these new system calls.