Android Lollipop AH-12

Google Details Android 5.0 Lollipop’s Tough Center of Security Features

October 28, 2014 - Written By Phil Bourget

Security.  It’s something that many people, if not all of them, strive to have in many aspects of life.  People want security in their finances, and their financial futures.  They want security for their homes, and therefore the people in them.  But something that people have been crying out to have secured is their devices, and therefore their data.  No, not their computers.  Their Android devices.

Android has historically been the more unsecured and viable target for hackers and malicious folks online, and many have called Android the riskier mobile OS to be using daily and exclusively.  But, with the latest iteration of Android, version 5.0 Lollipop, the Android team has upped the ante for security, and in a big way that you might never even see.

First, as with all things digital, you can set a lock of some kind, like a password, a PIN, or pattern across a grid of dots.  But those are easy, and they’re easier to copy than everything except having no screen lock at all.  People, including myself, have a gripe with screen locks, and that’s time it takes to perform it.  But, beginning in Lollipop, you can set up trusted Bluetooth devices, like your headset, car, or smartwatch, and the lock will only be activated when the two aren’t connected.  It’s set up to have the trusted device be like an usher, letting you into your secured device, so without one, you’ll need to prove you belong inside by unlocking it in the traditional way: securely.

Next, and this will make many people happy, is encryption.  Sound fun?  Well, encryption itself, for many Android users, isn’t inherently enjoyable, or even interacted with regularly, so why does it matter?  If your device is encrypted, which was an option that you previously had to manually turn on in Android Kit Kat, 4.4.4, and below, your data cannot be accessed without decrypting it, which happened when the device booted.  Now, with Lollipop, encryption is default, out of sight, and better than ever.  The biggest reason is that it happens for the first time when you first power your Lollipop-clad device on and boot into it to set it up.  Encryption is now built into the kernel as well.

Let me explain what the kernel is first.  A kernel in Android is a little bit of code, and therefore software, that is the link between the hardware, like a processor, camera, Wi-Fi antenna, or touchscreen display, and the firmware, the Android OS that you interact with on the device.  The kernel is key, because it is what starts up when the device boots up, so if it has vulnerabilities and someone knows and has exploited that, then your device is entirely at risk.  That problem was first tackled when Google and Android worked to develop an SELinux (Security-Enhanced Linux) kernel for Android, to help remove many of the fatal vulnerabilities within Android.  Now, in Lollipop, SELinux is even more secure, fixing even more possible ways in, so that enterprise-minded users and companies can use Android safely and with peace of mind like they should.  What it means for average folks like you and me is that our data and devices will be / are more secure and our data is safer on them.

Which feature are you most excited about seeing mass adoption of?  Which issue do you think will annoy more people than it will help?  Do you think Google and Android should leave us to protect what we please, rather than forcing it upon us, however good-willed the effort might be?  Let us know down below.