63 lines
2.8 KiB
HTML
63 lines
2.8 KiB
HTML
<html devsite>
|
|
<head>
|
|
<title>Security Enhancements in Android 6.0</title>
|
|
<meta name="project_path" value="/_project.yaml" />
|
|
<meta name="book_path" value="/_book.yaml" />
|
|
</head>
|
|
<body>
|
|
<!--
|
|
Copyright 2017 The Android Open Source Project
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
|
|
|
|
|
|
<p>Every Android release includes dozens of security enhancements to protect
|
|
users. Here are some of the major security enhancements available in Android
|
|
6.0:</p>
|
|
<ul>
|
|
<li><strong>Runtime Permissions</strong>. Applications request permissions at
|
|
runtime instead of being granted at App
|
|
install time. Users can toggle permissions on and off for both M and pre-M
|
|
applications.</li>
|
|
<li><strong>Verified Boot</strong>. A set of cryptographic checks of system
|
|
software are conducted prior to
|
|
execution to ensure the phone is healthy from the bootloader all the way up to
|
|
the operating system.</li>
|
|
<li><strong>Hardware-Isolated Security</strong>. New Hardware Abstraction
|
|
Layer (HAL) used by Fingerprint API, Lockscreen,
|
|
Device Encryption, and Client Certificates to protect keys against kernel
|
|
compromise and/or local physical attacks</li>
|
|
<li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
|
|
touch. Developers can also take
|
|
advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
|
|
<li><strong>SD Card Adoption</strong>. Removable media can be
|
|
<em>adopted</em> to a device and expand available storage for
|
|
app local data, photos, videos, etc., but still be protected by block-level
|
|
encryption.</li>
|
|
<li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
|
|
to make sure their application doesn't use
|
|
cleartext.</li>
|
|
<li><strong>System Hardening</strong>. Hardening of the system via policies
|
|
enforced by SELinux. This offers better
|
|
isolation between users, IOCTL filtering, reduce threat of exposed services,
|
|
further tightening of SELinux domains, and extremely limited /proc access.</li>
|
|
<li><strong>USB Access Control:</strong> Users must confirm to allow USB
|
|
access to files, storage, or other
|
|
functionality on the phone. Default is now <em>charge only</em> with access
|
|
to storage requiring explicit approval from the user.</li>
|
|
</ul>
|
|
|
|
</body>
|
|
</html>
|