Site icon Panda Security Mediacenter

Update to Lollipop as soon as you can: These are the security improvements included in Android 5.0

Google has now launched the long-awaited Android 5.0, the new version of its mobile operating system. Do you want to know why you should update your smartphone’s software? We give you the first clues here.

Adrian Ludwig, security engineer at Google, says in the official Android blog that their goal is to “stay two steps ahead of the bad guys” and this is Lollipop’s intention too. “Not only is Lollipop the sweetest update of Android to date, we also built in a rigid (security) Lollipop stick for the core and Kevlar wrapping on the outside—to keep you safe from the bad guys, inside and out.”

One of the most secure ways of keeping data safe is to use the screen lock or pattern. However, Google is aware that many users do not use this measure because, among other reasons, it makes it difficult to use the phone when it is connected to another device.

For this reason, the new operating system includes Smart Lock, which unlocks the phone when it is paired with a wearable or a hands-free device in the car via Bluetooth or NFC.

The phone can also be unlocked using facial expressions. Although this feature was available in version 4.0, in the new version of the Android operating system this application has been improved by constantly analyzing the user’s expressions.

Finally, in order to encourage users to install phone lock patterns and make them more secure, Android has included the option to receive on-screen notifications, even though the phone is locked, and access them more quickly.

Another security measure in Lollipop is related to encryption, which is no longer optional and will be really useful for less experienced users. Device encryption will be automatically enabled when the device is switched on. It uses a unique key that never leaves the device.

However, Google acknowledges that users with older devices that update their version of Android will have to enable the encryption feature manually themselves, which will not happen in devices shipped with this operating system.

Android has always tried to make sure that its apps access as little data on the phone as possible but in this respect its software has never been without its problems. Version 4.2 included Security Enhanced Linux, known as SELinux, which audited and monitored every action and left less room for attack.

SELinux defines the permissions of every user, app, process and file on the system and controls their actions and interactions following a strict security policy. This prevents any file – not even those downloaded from Google Play – from modifying the phone’s essential parameters.

Although this service was offered in previous versions, it has now been boosted to respond particularly to enterprise and government environment as, according to Ludwig, the majority of the members of different governments use Android. SELinux currently runs in enforcing mode, that is, all of the security policies are loaded and enabled on the device. It was not the same in previous versions, where the user could choose to use enforcing mode, permissive mode – where the security policies were loaded but not applied – or even turn it off.

Have you ever had your phone stolen? Having Lollipop installed could help you. It has the Factory Reset Protection feature, which disables stolen phones, only requiring the Google password to wipe the phone’s data remotely.

The new version of Android also keeps the device away from malicious websites when the user performs searches in the browser. In addition, it seems that everyone can create multiple user accounts to securely share the device with a friend or do so using guest user mode.

The heads of security at Android claim that the probability of a cyber-crook attacking the device using malicious software is 1 in 1,000. But the main dangers facing users is when the phone is lost or stolen. It is for these cases that the new security measures are designed. What are you waiting for to update your operating system?

 

Exit mobile version