Google adds seven new security features to Android
The seemingly most controversial change to Android 4.3 is the activation of SELinux. It is seen as a controversial move due to its links with the NSA. Since the NSA isn’t getting much good press at the moment, people are incorrectly linking the SELinux project, the NSA and fears about snooping. It is true that the NSA was the original and primary developer of SELinux but that is almost irrelevant today. Some key points to remember are that the SELinux patches are open source and not some secret code inserted by the U.S. government; that SELinux has been integrated into Linux since 2003, meaning it has been used by various Linux distributions for nearly a decade now; and that other companies such as Red Hat have made major contributions to SELinux. If you are still undecided, you should read “Yes, the NSA contributed code to Android. No, you don’t have to freak out about it” and “NSA? Break out the tinfoil hats” for more background information.
Fear, uncertainty and doubt (FUD) aside, SELinux is designed to address the gaps in Android’s security model and limit the damage that can be done by flawed or malicious apps. It does this by reinforcing Android’s existing UID-based sandbox and guaranteeing separation between apps. It is worth noting, however, that as of Android 4.3 the SELinux implementation runs in ‘permissive mode’ rather than the more stringent enforcing mode. Google will likely enable the enforcing mode somewhere later down the road.
KeyChains and Keystore Providers
Android 4.3 adds new system calls that allow developers to bind encryption keys to a certain piece of hardware. This means that a private store can be created to hold private keys which cannot be exported to another device, even if the device is compromised. Along with the new KeyChain system calls, Google has added functionality that allows apps to create exclusive-use keys that can only be used by that app and can’t be seen or used by other apps. These keys can also benefit from the same enhanced security features, such as being bound to a specific device.
What this means is that even if a security vulnerability is discovered in Android and exploited, hackers can’t download and use any encryption keys stored on the device using these new system calls.
In Unix-like operating systems, which include Linux and hence Android, a program may gain ‘root’ access because the binary has been marked with the setuid flag (or the setuid bit as the system admins like to say). This means that a program run by a normal user can perform privileged operations. On a Linux system a program like passwd (which allows the user to change their password) has the setuid bit because changing passwords alters files at a system level. If a malicious program has the setuid bit set then that program can do almost whatever it likes. And one common way for hackers to exploit a system is to find a setuid program and somehow alter it to do their evil bidding.
With Android 4.3, the system area which holds many of the operating system programs (called the /system partition) is now configured in such a way that normal Android apps can no longer use the setuid functionality even if the flag is set. This reduces the ways in which malicious apps can exploit any potential security vulnerabilities.
For those interested in the precise technical terms: the /system partition is now mounted nosuid for zygote-spawned processes, preventing Android applications from executing setuid programs.
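The effect of the nosuid mount flag described above, as an added example that is not part of the original article: the same setuid file is honoured or ignored depending on the mount table the executing process sees. The two mount tables and the file list are constructed for illustration, and `/system/xbin/helper` is a hypothetical setuid binary.

```python
import stat

# Constructed /proc/<pid>/mounts excerpts (not captured from a real device).
# Fields: device mountpoint fstype options dump pass
SHELL_VIEW = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/system /system ext4 ro,relatime 0 0
/dev/block/userdata /data ext4 rw,nosuid,nodev,noatime 0 0
"""
APP_VIEW = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/system /system ext4 ro,nosuid,relatime 0 0
/dev/block/userdata /data ext4 rw,nosuid,nodev,noatime 0 0
"""

def parse_mounts(text):
    """Return a list of (mountpoint, set_of_options), in mount order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # The kernel escapes spaces in mount paths as \040.
            path = fields[1].replace("\\040", " ")
            mounts.append((path, set(fields[3].split(","))))
    return mounts

def mount_for(path, mounts):
    """Find the mount covering path: longest mountpoint prefix, latest wins ties."""
    best = None
    for mountpoint, options in mounts:
        prefix = mountpoint.rstrip("/") + "/"
        if path == mountpoint or path.startswith(prefix):
            if best is None or len(mountpoint) >= len(best[0]):
                best = (mountpoint, options)
    return best

def setuid_honoured(path, mode, mounts):
    """True only if the file is setuid, executable, and its mount lacks nosuid."""
    if not (mode & stat.S_ISUID) or not (mode & 0o111):
        return False
    mount = mount_for(path, mounts)
    return mount is not None and "nosuid" not in mount[1]

def audit(files, mounts):
    """Return paths whose setuid bit would still take effect in this mount view."""
    return sorted(p for p, m in files.items() if setuid_honoured(p, m, mounts))

# Constructed file list: path -> st_mode.
FILES = {"/system/xbin/helper": 0o104755, "/system/bin/ls": 0o100755,
         "/data/local/tmp/tool": 0o104755}

if __name__ == "__main__":
    print("shell view:", audit(FILES, parse_mounts(SHELL_VIEW)))
    print("app view:  ", audit(FILES, parse_mounts(APP_VIEW)))
```

On a device, the same functions can be pointed at the contents of `/proc/<pid>/mounts` for an app process to confirm that `/system` carries `nosuid` in that process's view.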
Android 4.3 now allows developers to create apps that configure the Wi-Fi credentials needed for connecting to WPA2 enterprise access points. These apps can access new Android system calls to configure Extensible Authentication Protocol (EAP) and Encapsulated EAP (Phase 2) credentials for authentication methods used in the enterprise. Previously, configuring and connecting to such secured networks was not something third-party apps could do.
Not just Android 4.3
The five security enhancements added by Google only apply to Android 4.3; however, Google has also added two significant security features which are available for every Android device using Android 2.3 and upwards (in other words, about 96% of all Android devices with access to Google Play).
First, Google has moved the Verify Apps feature, which scans any apps that are being installed and blocks the harmful ones, from the OS (where it was added as part of Android 4.2) into Google Play Services. The scanner checks all apps, including those being installed directly from .apk files or from third-party app stores.
Second, Google is rolling out its new “find my phone” type app called the Android Device Manager. Android has long been criticized for not having a built-in lost phone app. The new service allows users to remotely manage, locate, block, or wipe their misplaced devices.
What it all means