
Google strengthens the protection of the Android OS

In late October, Google announced a new version of Android without a dedicated presentation. Although many were expecting Android Key Lime Pie, the corporation limited itself to a cumulative update from Android 4.1 to 4.2 and kept the Jelly Bean name. The announced features raised plenty of questions: what did the update actually bring, apart from the new spherical photos, lock-screen widgets, and a couple of bells and whistles? The Android Developers site is still silent, but Computerworld obtained comments from Hiroshi Lockheimer, vice president for design and development of the Android division, who lifted the veil on the system's security improvements.

In February 2012, Google finally responded to frequent reports from users and from companies such as Symantec and F-Secure about malware in the Android Market. Its answer was a protective mechanism called Bouncer, which tests applications on Google's servers and looks for suspicious behavior. Fairly quickly, however, flaws were found in Bouncer that could let attackers hide malicious activity. In response, Google significantly changed the conditions for publishing applications in the Play Store: rather than trying to tell Trojans in applications apart from overly curious analytics and targeted-advertising tools, it simply restricted the use of such tracking tools.

Now Google is adding a new layer of protection against applications not installed from the Play Store. Google has not removed the setting that enables sideloading, that is, installing applications from sources independent of Google. Most antivirus companies now report a phenomenal, almost thousandfold increase in Android malware variants, but they do not emphasize that the vast majority of these threats come not from the Google Play Store or the Amazon App Store but from countries where access to these stores is blocked or where they are practically unused (mainly in Asia, where governments do not welcome Google's presence). A special cloud scanner will now be included in the Android source code to check applications downloaded from third-party sources. On the first attempt to install such an application, the system asks the user for permission to activate the scanner, which sends anonymous data about the application being installed to a Google server; the utility then either blocks the installation, warns about dangerous permission requests, or, finding nothing suspicious, lets the installation continue. If the user wants to install the application despite the block, the scanner can always be disabled in the settings. Asked whether this feature is a consequence of the VirusTotal acquisition, Mr. Lockheimer said no: VirusTotal is only being integrated into Google's infrastructure and is not yet used in Android.

In addition, Google decided to make the permissions request screen more visual. Previously, the sheer amount of text discouraged users from reading the warnings; now the text is accompanied by pictures that make it easier to take in.
When an application attempts to send messages to short numbers, Android displays a notification asking for permission. The user can then allow it in all cases or prohibit it in all cases. Compared with 4.1, the permissions screen looks like this:
Android 4.2 Jelly Bean permission screen

However, not everything is known for certain about improvements at the Linux kernel level. Android 4.1 added a full ASLR implementation to the previously implemented NX. Now there are persistent rumors that SELinux is being implemented, based on work by the US National Security Agency (NSA), which chose Android as the main mobile platform for the US armed forces. At the very least, Settings.apk from the leaked Nexus 4 dump contains strings such as:
 <string name="selinux_status">SELinux status</string>
 <string name="selinux_status_disabled">Disabled</string>
 <string name="selinux_status_permissive">Permissive</string>
 <string name="selinux_status_enforcing">Enforcing</string>




Source: https://habr.com/ru/post/157157/

