Sign up to our newsletter
Google has outlined the enhanced security credentials of the upcoming Android 5.0 – nicknamed Lollipop – in an official blog post, BGR reports.
The post, entitled ‘A sweet Lollipop, with a kevlar wrapping: New security features in Android 5.0‘, highlights three features as especially noteworthy for the security conscious Android user.
The first is a system to encourage people to use lock screens, which despite being a decent deterrent to theft, many mobile users don’t have enabled due to the convenience of a quicker unlock. Google’s answer to that is to provide more ways to unlock the phone, including NFC, Bluetooth pairing or “simply your smile”. The update will also allow more notifications to be visible when the device is locked, giving the phone’s owner quick access to important info without compromising their security.
The second area is data encryption by default. Google writes that “full device encryption occurs at first boot, using a unique key that never leaves the device”, boasting that it’s “the safest way to encrypt your device.” CNET notes that “users who upgrade older Android devices to Lollipop still must activate device encryption on their own,” however.
The third piece of the puzzle is Security Enhanced Linux, which from Android 5.0 onwards will be “required for all applications on all devices.” The blog post claims that this enhancement was assisted by the ‘broader security community’, with the open nature of Android allowing crowdsourced security wisdom.
CNET is positive about the improvements, and suggests it indicates a sea-change in how the big mobile players are changing their outlook on security from “merely offering security features to mandating their use, and at the same time, making them easier to use.”
Alongside these changes, Android 5.0 will be the first version of the OS to include the much vaunted Factory Reset Protection, which will require the owner’s Google password to wipe the phone’s data, reducing a phone’s appeal to thieves. Unfortunately, for now this feature is opt-in, though CNET suggests this may just be a first step, with California law mandating that all smartphones sold within the state having default kill switches by July 1 2015.
Author Alan Martin, ESET