| Clay Murphy | 6069273 | 2014-10-29 14:51:09 -0700 | [diff] [blame] | 1 | page.title=Security Enhancements in Android 5.0 |
| 2 | @jd:body |
| 3 | |
| 4 | <p>Every Android release includes dozens of security enhancements to protect |
| 5 | users. Here are some of the major security enhancements available in Android |
| 6 | 5.0:</p> |
| 7 | |
| 8 | <ul> |
| 9 | <li><strong>Encrypted by default.</strong> On devices that ship with L |
| 10 | out-of-the-box, full disk encryption is enabled by default to improve |
| 11 | protection of data on lost or stolen devices. Devices that |
| 12 | update to L can be encrypted in <strong>Settings</strong> > <strong>Security</strong>. |
| 13 | <li><strong>Improved full disk encryption.</strong> The user password is |
| 14 | protected against brute-force attacks using <code>scrypt</code> and, where |
| 15 | available, the key is bound to the hardware keystore to prevent |
| 16 | off-device attacks. As always, the Android screen lock secret and the device |
| 17 | encryption key are not sent off the device or exposed to any application. |
| 18 | <li><strong>Android sandbox reinforced with SELinux</strong>. Android now |
| 19 | requires SELinux in enforcing mode for all domains. SELinux is a |
| 20 | mandatory access control (MAC) system in the Linux kernel used to augment the |
| 21 | existing discretionary access control (DAC) security model. This new layer |
| 22 | provides additional protection against potential security vulnerabilities. |
| 23 | <li><strong>Smart Lock. </strong>Android now includes trustlets that provide |
| 24 | more flexibility for unlocking devices. For example, trustlets can allow |
| 25 | devices to be unlocked automatically when close to another trusted device (via |
| 26 | NFC, Bluetooth) or being used by someone with a trusted face. |
| 27 | <li><strong>Multi user, restricted profile, and guest modes for phones & |
| 28 | tablets.</strong> Android now provides for multiple users on phones and |
| 29 | includes a guest mode that can be used to provide easy temporary access to your |
| 30 | device without granting access to your data and apps. |
| 31 | <li><strong>Updates to WebView without OTA. </strong> WebView can now be |
| 32 | updated independent of the framework and without a system |
| 33 | OTA. This will allow for faster response to potential security issues in |
| 34 | WebView. |
| 35 | <li><strong>Updated cryptography for HTTPS and TLS/SSL.</strong> TLSv1.2 and |
| 36 | TLSv1.1 is now enabled, Forward Secrecy is now preferred, AES-GCM |
| 37 | is now enabled, and weak cipher suites (MD5, 3DES, and export cipher suites) |
| 38 | are now disabled. See <a |
| 39 | href="https://developer.android.com/reference/javax/net/ssl/SSLSocket.html">https://developer.android.com/reference/javax/net/ssl/SSLSocket.html</a> |
| 40 | for more details. |
| 41 | <li><strong>non-PIE linker support removed.</strong> Android now requires all |
| 42 | dynamically linked executables to support PIE |
| 43 | (position-independent executables). This enhances Android’s address space |
| 44 | layout randomization (ASLR) implementation. |
| 45 | <li><strong>FORTIFY_SOURCE improvements.</strong> The following libc |
| 46 | functions now implement FORTIFY_SOURCE protections: <code>stpcpy()</code>, |
| 47 | <code>stpncpy()</code>, <code>read()</code>, <code>recvfrom()</code>, |
| 48 | <code>FD_CLR()</code>, <code>FD_SET()</code>, and <code>FD_ISSET()</code>. This |
| 49 | provides protection against memory-corruption vulnerabilities involving |
| 50 | those functions. |
| 51 | <li><strong>Security Fixes.</strong> Android 5.0 also includes fixes for |
| 52 | Android-specific vulnerabilities. Information about these vulnerabilities has |
| 53 | been provided to Open Handset Alliance members, and fixes are available in |
| 54 | Android Open Source Project. To improve security, some devices with earlier |
| 55 | versions of Android may also include these fixes. |
| 56 | </ul> |