Android Update Adds Tougher Security Controls
Android 4.3 is out, and it brings a number of new security features, including finer control over individual app permissions and a more robust way to create and store passwords.
While Android 4.3 brings a number of noticeable improvements, such as support for Arabic and Hebrew and improved camera functionality, its security updates are a bit harder to spot in action. The most substantial update comes in the form of Security-Enhanced , which aims to prevent phone hacks and hijacks.
SELinux is, as the name suggests, is a modification of the Linux operating system that allows users to customize security parameters on an application-by-application basis. The United States' National Security Agency first developed SELinux. (In an age of , take that for what you will.)
At present, Android apps employ "discretionary access control," which means that any user can assign permissions (when installing or updating an app, for example) as programs require rather than making comprehensive permission policies for all apps on a device.
SELinux utilizes "mandatory access control" instead, which allows only an administrator to change permissions policy. Since each user is effectively the administrator of his or her own phone, this will make hacks much harder without curtailing ease-of-use.
For example, with SELinux, a user can still install a new app that requests access to his or her Facebook contacts. However, a hijacker who distributes a fake app and tries to leverage it to change permissions on other apps would find himself out of luck.
Android Keystore, which allows developers to design in apps, will also get a few new features. While the Keystore used to be accessible from all apps, developers will now be able to make app-specific Keystore passwords. This protects users from shady apps, which could learn passwords by taking advantage of Keystore cross-functionality.
These features will make Android 4.3 considerably safer than its predecessor, and users would be wise to download the update as soon as possible. The update for Nexus phones and tablets will hit today, while other Android devices will receive the update as their mobile carriers allow.
To be fair, Android 4.3's security updates are not nearly as visible or user-friendly as its camera or texting enhancements, but they might prove more useful in the long run. Showing off foreign languages and connecting to effortlessly are all well and good, but they won't do you much good if a hostile app overtakes your system.