Clay Murphy | bc57d17 | 2015-10-14 17:52:08 -0700 | [diff] [blame] | 1 | page.title=Security Enhancements in Android 6.0 |
| 2 | @jd:body |
| 3 | |
| 4 | <p>Every Android release includes dozens of security enhancements to protect |
| 5 | users. Here are some of the major security enhancements available in Android |
| 6 | 6.0:</p> |
| 7 | <ul> |
| 8 | <li><strong>Runtime Permissions</strong>. Applications request permissions at |
| 9 | runtime instead of being granted them at app |
| 10 | install time. Users can toggle permissions on and off for both M and pre-M |
| 11 | applications.</li> |
| 12 | <li><strong>Verified Boot</strong>. A set of cryptographic checks of system |
| 13 | software is conducted prior to |
| 14 | execution to ensure the phone is healthy from the bootloader all the way up to |
| 15 | the operating system.</li> |
| 16 | <li><strong>Hardware-Isolated Security</strong>. A new Hardware Abstraction |
| 17 | Layer (HAL) is used by the Fingerprint API, Lockscreen, |
| 18 | Device Encryption, and Client Certificates to protect keys against kernel |
| 19 | compromise and/or local physical attacks.</li> |
| 20 | <li><strong>Fingerprints</strong>. Devices can now be unlocked with just a |
| 21 | touch. Developers can also take |
| 22 | advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li> |
| 23 | <li><strong>SD Card Adoption</strong>. Removable media can be |
| 24 | <em>adopted</em> to a device and expand available storage for |
| 25 | app local data, photos, videos, etc., but still be protected by block-level |
| 26 | encryption.</li> |
| 27 | <li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode |
| 28 | check to make sure their application doesn't use |
| 29 | cleartext network traffic.</li> |
| 30 | <li><strong>System Hardening</strong>. Hardening of the system via policies |
| 31 | enforced by SELinux. This offers better |
| 32 | isolation between users, IOCTL filtering, a reduced threat of exposed services, |
| 33 | further tightening of SELinux domains, and extremely limited /proc access.</li> |
| 34 | <li><strong>USB Access Control</strong>. Users must confirm to allow USB |
| 35 | access to files, storage, or other |
| 36 | functionality on the phone. The default is now <em>charge only</em>, with access |
| 37 | to storage requiring explicit approval from the user.</li> |
| 38 | </ul> |
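The Fingerprints item above mentions new APIs that use a fingerprint to lock and unlock encryption keys. The Java class below is an added example, not part of the original page: it creates a keystore key that requires user authentication for every use and encrypts data only after a successful scan. The class name, key alias, and `Callback` interface are hypothetical, and it assumes the app holds the `USE_FINGERPRINT` permission and that a fingerprint is enrolled.

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public final class FingerprintBoundKey {
    private static final String KEY_ALIAS = "example_fp_key"; // hypothetical alias
    public interface Callback {                               // hypothetical interface
        void onCiphertext(byte[] iv, byte[] ciphertext);
        void onFailure(CharSequence reason);
    }
    /** Creates an AES key that the keystore lets be used only after user authentication. */
    public static void createKey() throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true) // no validity window: auth per use
                .build());
        kg.generateKey(); // key material stays inside the keystore
    }
    /** Starts a scan; the cipher becomes usable only in onAuthenticationSucceeded. */
    public static CancellationSignal encryptAfterTouch(FingerprintManager fm,
            final byte[] plaintext, final Callback cb) throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        // Throws KeyPermanentlyInvalidatedException if enrolled fingerprints changed.
        cipher.init(Cipher.ENCRYPT_MODE, (SecretKey) ks.getKey(KEY_ALIAS, null));
        CancellationSignal cancel = new CancellationSignal();
        fm.authenticate(new FingerprintManager.CryptoObject(cipher), cancel, 0,
                new FingerprintManager.AuthenticationCallback() {
            @Override public void onAuthenticationSucceeded(
                    FingerprintManager.AuthenticationResult result) {
                try {
                    Cipher c = result.getCryptoObject().getCipher();
                    cb.onCiphertext(c.getIV(), c.doFinal(plaintext));
                } catch (GeneralSecurityException e) { cb.onFailure(e.getMessage()); }
            }
            @Override public void onAuthenticationError(int code, CharSequence msg) {
                cb.onFailure(msg); // includes lockout after too many failed attempts
            }
        }, null);
        return cancel; // caller cancels when the UI goes away
    }
}
```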