Google strengthens Android OS protection
In late October, Google, without having a special presentation, announced a new version of the Android OS. Despite the fact that many were waiting for the release of Android Key Lime Pie, the corporation limited itself to a cumulative update from Android 4.1 to 4.2, retaining the name Jelly Bean. The functions presented raised a lot of questions, they say, but what did the update bring, apart from new spherical shots, widgets on the lock screen and a couple of whistles? The Android Developers website is still silent like a fish, but Computerworld managed to get comments from Hiroshi Lockheimer , Vice President of Design and Development for Android , who unveiled the curtain on system security improvements.
In February 2012, Google finally drew attention to frequent messages from users and companies like Symantec and F-Secure about malware in the Android Market. The complaint was answered by the introduction of the Bouncer defense mechanism. The essence of the mechanism consisted in testing applications on Google servers that detected suspicious behavior. However, fairly quickly, Bouncer discovered defects that allowed attackers to hide malicious activity. In response, Google has significantly changed the terms of placement of applications on the Play Store, without having to understand whether it is Trojans in applications or overly curious analytics and targeted advertising tools, simply limiting the use of such tracking utilities.
Now, Google is adding a new layer of protection against applications not installed from the Play Store. Google did not delete the item in the settings that allows you to enable sideloading, that is, downloading applications from other sources independent of Google. Now most anti-virus companies report a phenomenal, almost a thousand-fold increase in malware options for Android, but they do not focus on the fact that the vast majority of such threats do not come from the Google Play Store and the Amazon App Store, but at the expense of countries where access to closed to these stores, or almost never used (mainly in Asia, where Google’s presence is not welcomed by governments). Now, a special cloud scanner will be included in the Android source codes, which will check applications downloaded from third-party sources. The first time you try to install such an application, the system will ask the user for permission to activate this scanner, which will collect anonymous data about the application being installed on Google’s servers, after which the utility will either block the installation, or warn about dangerous rights requests, or, without finding any clues, continue installation . If the user wants to install the application, despite the blocking, the scanner can always be disabled in the settings. Mr. Lockheimer, when asked whether this innovation is a consequence of the VirusTotal takeover, answered in the negative and stated that VirusTotal is only being integrated into the Google infrastructure and is not yet used in Android. which will collect anonymous data about the application being installed on Google’s servers, after which the utility will either block the installation, or warn of dangerous rights requests, or, without finding the clues, will continue the installation. If the user wants to install the application, despite the blocking, the scanner can always be disabled in the settings. Mr. Lockheimer, when asked whether this innovation is a consequence of the VirusTotal takeover, answered in the negative and stated that VirusTotal is only being integrated into the Google infrastructure and is not yet used in Android. which will collect anonymous data about the application being installed on Google’s servers, after which the utility will either block the installation, or warn of dangerous rights requests, or, without finding the clues, will continue the installation. If the user wants to install the application, despite the blocking, the scanner can always be disabled in the settings. Mr. Lockheimer, when asked whether this innovation is a consequence of the VirusTotal takeover, answered in the negative and stated that VirusTotal is only being integrated into the Google infrastructure and is not yet used in Android.
In addition, Google decided to make the screen for requesting rights (permissions) more visual. Previously, the abundance of textual information repelled users from trying to read warnings, but now graphic information has been added to textual information in the form of pictures that increase the user's perception.
If the application attempts to send messages to numbers with a short number, Android will display a notification requesting permission. In the future, the user can allow this in all cases, or prohibit it in all cases. The permissions screen, compared to 4.1, looks like this: Nevertheless, not everything is known exactly for improvements at the Linux kernel level. Android 4.1 has brought the full implementation of ASLR to the previously implemented NX . Now there are persistent rumors of implementation
SELinux is based on the findings of the US National Security Agency (NSA), which chose Android as the main mobile platform for the US armed forces. At least in Settings.apk of the leaked Nexus 4 dump there are such lines as:
In February 2012, Google finally drew attention to frequent messages from users and companies like Symantec and F-Secure about malware in the Android Market. The complaint was answered by the introduction of the Bouncer defense mechanism. The essence of the mechanism consisted in testing applications on Google servers that detected suspicious behavior. However, fairly quickly, Bouncer discovered defects that allowed attackers to hide malicious activity. In response, Google has significantly changed the terms of placement of applications on the Play Store, without having to understand whether it is Trojans in applications or overly curious analytics and targeted advertising tools, simply limiting the use of such tracking utilities.
Now, Google is adding a new layer of protection against applications not installed from the Play Store. Google did not delete the item in the settings that allows you to enable sideloading, that is, downloading applications from other sources independent of Google. Now most anti-virus companies report a phenomenal, almost a thousand-fold increase in malware options for Android, but they do not focus on the fact that the vast majority of such threats do not come from the Google Play Store and the Amazon App Store, but at the expense of countries where access to closed to these stores, or almost never used (mainly in Asia, where Google’s presence is not welcomed by governments). Now, a special cloud scanner will be included in the Android source codes, which will check applications downloaded from third-party sources. The first time you try to install such an application, the system will ask the user for permission to activate this scanner, which will collect anonymous data about the application being installed on Google’s servers, after which the utility will either block the installation, or warn about dangerous rights requests, or, without finding any clues, continue installation . If the user wants to install the application, despite the blocking, the scanner can always be disabled in the settings. Mr. Lockheimer, when asked whether this innovation is a consequence of the VirusTotal takeover, answered in the negative and stated that VirusTotal is only being integrated into the Google infrastructure and is not yet used in Android. which will collect anonymous data about the application being installed on Google’s servers, after which the utility will either block the installation, or warn of dangerous rights requests, or, without finding the clues, will continue the installation. If the user wants to install the application, despite the blocking, the scanner can always be disabled in the settings. Mr. Lockheimer, when asked whether this innovation is a consequence of the VirusTotal takeover, answered in the negative and stated that VirusTotal is only being integrated into the Google infrastructure and is not yet used in Android. which will collect anonymous data about the application being installed on Google’s servers, after which the utility will either block the installation, or warn of dangerous rights requests, or, without finding the clues, will continue the installation. If the user wants to install the application, despite the blocking, the scanner can always be disabled in the settings. Mr. Lockheimer, when asked whether this innovation is a consequence of the VirusTotal takeover, answered in the negative and stated that VirusTotal is only being integrated into the Google infrastructure and is not yet used in Android.
In addition, Google decided to make the screen for requesting rights (permissions) more visual. Previously, the abundance of textual information repelled users from trying to read warnings, but now graphic information has been added to textual information in the form of pictures that increase the user's perception.
If the application attempts to send messages to numbers with a short number, Android will display a notification requesting permission. In the future, the user can allow this in all cases, or prohibit it in all cases. The permissions screen, compared to 4.1, looks like this: Nevertheless, not everything is known exactly for improvements at the Linux kernel level. Android 4.1 has brought the full implementation of ASLR to the previously implemented NX . Now there are persistent rumors of implementation
SELinux is based on the findings of the US National Security Agency (NSA), which chose Android as the main mobile platform for the US armed forces. At least in Settings.apk of the leaked Nexus 4 dump there are such lines as:
Hidden text
SELinux status Disabled Permissive Enforcing
Sources
- JR Raphael , Exclusive: Inside Android 4.2's powerful new security system , Computerworld.
- Ron Amadeo , [Exclusive] Android 4.2 Alpha Teardown, Part 2: SELinux, VPN Lockdown, And Premium SMS Confirmation , Android Police.