The next sweet to taste after KitKat, “Lollipop” (Android 5.0), loaded on Nexus devices, is expected to hit the market next month, as announced by Google on October 15, 2014.

The much awaited Lollipop carries many improved and new ingredients, but we’ll concentrate on the security implications of the new OS:

  • The “Factory Reset Protection” (opt-in Kill Switch) requires the user to enable and enter the Google login and a pass code to factory reset his/her device.
  • “Automatic Data Encryption” shields the user data when the device is lost or stolen.
  • “Enforced SELinux” for all applications to defend against exploits and malware.
  • “Smart Lock Feature” allows only trusted devices for device pairing (user’s phone can be unlocked through the paired Bluetooth device).

In addition to these “features”, we are eager to know if the experimental DM-Verity introduced in KitKat (4.4) to protect the integrity of the device’s boot process is still enforced by default in Lollipop.
Another new feature, “Device sharing”, allows users to share the device among family members or friends under “Guest user” accounts. “Screen Pinning” restricts the guest to viewing only the pinned screens of the user. However, going further, Lollipop permits the user to log in to another Android device remotely to access synced data. As one would know, Android malware utilizes every possible way to infiltrate the user’s device, and therefore the above-mentioned remote login raises eyebrows about the security implications of authenticating and controlling remote sessions.
The notable news for the corporate IT admins is that, with Lollipop, users can partition work and personal spaces within the device. However, the implications as far as the BYOD concept is concerned have yet to be spelled out.
Android Lollipop’s new security enhancements and features have raised a few questions. We are anticipating the answers!
Happy Diwali!!!
V.Dhanalakshmi
Senior Threat Researcher, K7TCL