fuquan/allwinner_a64
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
allwinner_a64/android/docs/source.android.com/en/security/enhancements/enhancements42.html
August 5425409085 upload android base code part8
2018-08-08 20:10:12 +08:00

85 lines
4.1 KiB
HTML
Raw Permalink Blame History

<html devsite>
<head>
<title>Security Enhancements in Android 4.2</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>
Android provides a multi-layered security model described in the <a href="/security/index.html">Android
Security Overview</a>. Each update to Android includes dozens of
security enhancements to protect users. The following are some of the security
enhancements introduced in Android 4.2:</p>
<ul>
<li><strong>Application verification</strong> - Users can choose to enable “Verify Apps" and
have applications screened by an application verifier, prior to installation.
App verification can alert the user if they try to install an app that might be
harmful; if an application is especially bad, it can block installation.</li>
<li><strong>More control of premium SMS</strong> - Android will provide a notification if an
application attempts to send SMS to a short code that uses premium services
which might cause additional charges. The user can choose whether to allow the
application to send the message or block it.</li>
<li><strong>Always-on VPN</strong> - VPN can be configured so that applications will not have
access to the network until a VPN connection is established. This prevents
applications from sending data across other networks.</li>
<li><strong>Certificate Pinning</strong> - The Android core libraries now support
<a href="https://developer.android.com/reference/android/net/http/X509TrustManagerExtensions.html">certificate pinning</a>.
Pinned domains will receive a certificate validation
failure if the certificate does not chain to a set of expected certificates.
This protects against possible compromise of Certificate Authorities.</li>
<li><strong>Improved display of Android permissions</strong> - Permissions have been organized
into groups that are more easily understood by users. During review of the
permissions, the user can click on the permission to see more detailed
information about the permission.</li>
<li><strong>installd hardening</strong> - The <code>installd</code> daemon does not run as the root user,
reducing potential attack surface for root privilege escalation.</li>
<li><strong>init script hardening</strong> - init scripts now apply <code>O_NOFOLLOW</code> semantics to
prevent symlink related attacks.</li>
<li><strong>FORTIFY_SOURCE</strong> - Android now implements <code>FORTIFY_SOURCE</code>. This is used by
system libraries and applications to prevent memory corruption.</li>
<li><strong>ContentProvider default configuration</strong> - Applications which target API
level 17 will have "export" set to "false" by default for each
<a href="https://developer.android.com/reference/android/content/ContentProvider.html">Content
Provider</a>, reducing default attack surface for applications.</li>
<li><strong>Cryptography</strong> - Modified the default implementations of SecureRandom and
Cipher.RSA to use OpenSSL. Added SSL Socket support for TLSv1.1 and TLSv1.2
using OpenSSL 1.0.1</li>
<li><strong>Security Fixes</strong> - Upgraded open source libraries with security fixes include
WebKit, libpng, OpenSSL, and LibXML. Android 4.2 also includes fixes for
Android-specific vulnerabilities. Information about these vulnerabilities has
been provided to Open Handset Alliance members and fixes are available in
Android Open Source Project. To improve security, some devices with earlier
versions of Android may also include these fixes.</li>
</ul>
</body>
</html>
Reference in a new issue View git blame Copy permalink