1 page.title=Security Enhancements in Android 4.4 2 @jd:body 3 4 <p> 5 Every Android release includes dozens of security enhancements to protect 6 users. The following are some of the security enhancements available 7 in Android 4.4: 8 </p> 9 10 <ul> 11 <li><strong>Android sandbox reinforced with SELinux.</strong> 12 Android now uses SELinux in enforcing mode. SELinux is a mandatory 13 access control (MAC) system in the Linux kernel used to augment the 14 existing discretionary access control (DAC) based security model. 15 This provides additional protection against potential security 16 vulnerabilities.</li> 17 18 <li><strong>Per User VPN.</strong> 19 On multi-user devices, VPNs are now applied per user. 20 This can allow a user to route all network traffic through a VPN 21 without affecting other users on the device.</li> 22 23 <li><strong>ECDSA Provider support in AndroidKeyStore.</strong> 24 Android now has a keystore provider that allows use of ECDSA and 25 DSA algorithms.</li> 26 27 <li><strong>Device Monitoring Warnings.</strong> 28 Android provides users with a warning if any certificate has been 29 added to the device certificate store that could allow monitoring of 30 encrypted network traffic.</li> 31 32 <li><strong>FORTIFY_SOURCE.</strong> 33 Android now supports FORTIFY_SOURCE level 2, and all code is compiled 34 with these protections. FORTIFY_SOURCE has been enhanced to work with 35 clang.</li> 36 37 <li><strong>Certificate Pinning.</strong> 38 Android 4.4 detects and prevents the use of fraudulent Google 39 certificates used in secure SSL/TLS communications.</li> 40 41 <li><strong>Security Fixes.</strong> 42 Android 4.4 also includes fixes for Android-specific vulnerabilities. 43 Information about these vulnerabilities has been provided to Open 44 Handset Alliance members and fixes are available in Android Open Source 45 Project. To improve security, some devices with earlier versions of 46 Android may also include these fixes.</li> 47 48 </ul> 49
