Home | History | Annotate | Download | only in enhancements 
      1 page.title=Security Enhancements in Android 6.0
      2 @jd:body
      3 
      4 <p>Every Android release includes dozens of security enhancements to protect
      5 users. Here are some of the major security enhancements available in Android
      6 6.0:</p>
      7 <ul>
      8   <li><strong>Runtime Permissions</strong>. Applications request permissions at
      9     runtime instead of being granted at App
     10     install time. Users can toggle permissions on and off for both M and pre-M
     11     applications.</li>
     12   <li><strong>Verified Boot</strong>. A set of cryptographic checks of system
     13     software are conducted prior to
     14     execution to ensure the phone is healthy from the bootloader all the way up to
     15     the operating system.</li>
     16   <li><strong>Hardware-Isolated Security</strong>. New Hardware Abstraction
     17     Layer (HAL) used by Fingerprint API, Lockscreen,
     18     Device Encryption, and Client Certificates to protect keys against kernel
     19     compromise and/or local physical attacks</li>
     20   <li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
     21     touch. Developers can also take
     22     advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
     23   <li><strong>SD Card Adoption</strong>. Removable media can be
     24     <em>adopted</em> to a device and expand available storage for
     25     app local data, photos, videos, etc., but still be protected by block-level
     26     encryption.</li>
     27   <li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
     28     to make sure their application doesn't use
     29     cleartext.</li>
     30   <li><strong>System Hardening</strong>. Hardening of the system via policies
     31     enforced by SELinux. This offers better
     32     isolation between users, IOCTL filtering, reduce threat of exposed services,
     33     further tightening of SELinux domains, and extremely limited /proc access.</li>
     34   <li><strong>USB Access Control:</strong> Users must confirm to allow USB
     35     access to files, storage, or other
     36     functionality on the phone. Default is now <em>charge only</em> with access
     37     to storage requiring explicit approval from the user.</li>
     38 </ul>
     39