In Depth: Google’s Android Lollipop Suite of Security Features

October 28, 2014 - Written By Phil Bourget

As we discussed earlier today, Android Lollipop will bring a lot to the table with regard to security for users and their data. We also went over a few of the main ways that this will happen, but I’d like to take some time to explain a little more in depth about some of them, as well as more ways that Google hasn’t exactly announced yet. Let’s get started.

Previously, we talked about how Android and SELinux will be working to secure your data from attacks and threats during boot-up and startup. But Google has worked into Lollipop a true trump card, and it’s big, but almost invisible unless you know that it’s working. Google Play has been able to scan any and all installed apps for malicious code, but since the ability to do so was added, Google has upped the ante. Whatever your default browser, whether it be Chrome or otherwise, a Lollipop-clad device will be able to track and protect against potentially harmful websites, as well as, get this, potentially hazardous activity on your wireless network.

That will be a great addition to the bragging rights list, as well as the arsenal that Android and SELinux have against the malicious online.

But SELinux, as discussed earlier, will be an even stronger version, and here’s exactly why and what it does. For those that remember what SELinux is, hold tight. For those that don’t, here’s a brief summary: SELinux, or Security-Enhanced Linux, is a kind of kernel, which links the firmware of the Android OS to the hardware on the motherboard of the device, that checks for threats in the firmware and software and actively blocks them. It is what makes, and will make, Lollipop a hit with enterprise-minded folk, because it starts security from the second the device begins to boot to the second it shuts down. SELinux has been in the ‘enforcing mode’ since it was introduced to Android a while back. But now, in Lollipop, users will have an always-enforcing SELinux kernel to check apps and force them to abide by secure protocols. What that means is that the system will monitor all apps, and with all the apps being at the same high-security ‘low level’ (within the system hierarchy, that is), the check becomes easier for the monitoring system, while the security becomes stronger than in previous versions of Android.

The new Smart Lock features in Lollipop are also a major new benefit for users. Yes, there are the traditional swipe, pattern, PIN, and password methods to secure the device, but there are improvements here too. I have previously just used swipe locks because I never let my phones leave my pockets or sight, but if it happened, all my data would be at the mercy of someone that wasn’t me. And that’s a problem.

With Lollipop, there’s the new Bluetooth ‘trusted devices’ policy. It allows you to set a passcode of some type and, while connected to a user-designated Bluetooth device like a smartwatch or car, disables the security of the phone to just leave a swipe lock for convenience. While disconnected, it resumes the secure lock, and requires it as usual. The advancements here lie in what is to come from this type of security capability. Things that might come into being, and benefit Android users, are Wi-Fi-based security, where a user sets a Wi-Fi network to temporarily disable the device’s security, and even location-based security. Location-based is the big one.

With location-based security disablement, a user could set a radius around their desk at work, their home, or favorite cafe and have that be designated as a ‘safe zone’ where the phone doesn’t require a passcode of any sort, besides swiping open. And when the user is out of the designated area, the security resumes. This would make Wi-Fi-based security obsolete, because GPS is more accurate than Wi-Fi in many cases, and, in conjunction with Bluetooth trusted devices, could enable a user to have their device be safe with them and at home, but also safe on their desk while they’re at lunch.

Just as important as how a user can make unlocking a device convenient is how a device can unlock another device. Say you’re like some Android fans, using Lollipop on your phone or tablet, and you pull out your Chromebook for some quick studying before class. You don’t have the patience to type your password, and you don’t have to. Your Lollipop-clad device can, if connected via Bluetooth LE and set up as a trusted device, authorize password-free entry to your Chromebook. The device just needs to be unlocked itself, and presto! The Lollipop-clad device can now act as a trusted Bluetooth device for your favorite Chrome OS-running device, and that’s not the best part. The best part is that that capability is already here in limited quantities. People have reported that they have the option and ability to use their Lollipop-clad Android device as a card key into their Chrome device, and that’s an update to security that many of us are probably excited for. The feature is still very limited in adoption, so expect to wait a while before it reaches ordinary users.

Device encryption is a huge deal. As we previously discussed, encryption is the saving grace for many people’s data and devices. In pre-Lollipop builds and versions of Android, official and unofficial, you could choose to encrypt your device. The process, however, was lengthy and could, if interrupted, kill any amount of your data, the very data you were hoping to protect. But with Lollipop as your operating system, you can enable encryption from first boot and initial setup. The process is fast, since there’s not much pre-existing data to encrypt, and since encryption is left on from then, data is encrypted as it gets acquired, so the process doesn’t have to take an hour and risk all of your precious data.

All in all, Android is getting security-minded, and we couldn’t be happier. If you use your phone for work, then you’ll find something to love in Lollipop. If you use it for fun, and bring it everywhere with you, then you will definitely find something to love about the new sweet from Google. Knowing as much as you do now, which feature are you most excited to see develop and mature over the course of the Lollipop namesake? Which feature seems like it is the most essential to everyone, yet is only getting implemented across Android as a whole this fall? Let us know down below.