1 page.title=Security Enhancements in Android 5.0 2 @jd:body 3 4 <p>Every Android release includes dozens of security enhancements to protect 5 users. Here are some of the major security enhancements available in Android 6 5.0:</p> 7 8 <ul> 9 <li><strong>Encrypted by default.</strong> On devices that ship with L 10 out-of-the-box, full disk encryption is enabled by default to improve 11 protection of data on lost or stolen devices. Devices that 12 update to L can be encrypted in <strong>Settings</strong> > <strong>Security</strong>. 13 <li><strong>Improved full disk encryption.</strong> The user password is 14 protected against brute-force attacks using <code>scrypt</code> and, where 15 available, the key is bound to the hardware keystore to prevent 16 off-device attacks. As always, the Android screen lock secret and the device 17 encryption key are not sent off the device or exposed to any application. 18 <li><strong>Android sandbox reinforced with SELinux</strong>. Android now 19 requires SELinux in enforcing mode for all domains. SELinux is a 20 mandatory access control (MAC) system in the Linux kernel used to augment the 21 existing discretionary access control (DAC) security model. This new layer 22 provides additional protection against potential security vulnerabilities. 23 <li><strong>Smart Lock. </strong>Android now includes trustlets that provide 24 more flexibility for unlocking devices. For example, trustlets can allow 25 devices to be unlocked automatically when close to another trusted device (via 26 NFC, Bluetooth) or being used by someone with a trusted face. 27 <li><strong>Multi user, restricted profile, and guest modes for phones & 28 tablets.</strong> Android now provides for multiple users on phones and 29 includes a guest mode that can be used to provide easy temporary access to your 30 device without granting access to your data and apps. 31 <li><strong>Updates to WebView without OTA. </strong> WebView can now be 32 updated independent of the framework and without a system 33 OTA. This will allow for faster response to potential security issues in 34 WebView. 35 <li><strong>Updated cryptography for HTTPS and TLS/SSL.</strong> TLSv1.2 and 36 TLSv1.1 is now enabled, Forward Secrecy is now preferred, AES-GCM 37 is now enabled, and weak cipher suites (MD5, 3DES, and export cipher suites) 38 are now disabled. See <a 39 href="https://developer.android.com/reference/javax/net/ssl/SSLSocket.html">https://developer.android.com/reference/javax/net/ssl/SSLSocket.html</a> 40 for more details. 41 <li><strong>non-PIE linker support removed.</strong> Android now requires all 42 dynamically linked executables to support PIE 43 (position-independent executables). This enhances Androids address space 44 layout randomization (ASLR) implementation. 45 <li><strong>FORTIFY_SOURCE improvements.</strong> The following libc 46 functions now implement FORTIFY_SOURCE protections: <code>stpcpy()</code>, 47 <code>stpncpy()</code>, <code>read()</code>, <code>recvfrom()</code>, 48 <code>FD_CLR()</code>, <code>FD_SET()</code>, and <code>FD_ISSET()</code>. This 49 provides protection against memory-corruption vulnerabilities involving 50 those functions. 51 <li><strong>Security Fixes.</strong> Android 5.0 also includes fixes for 52 Android-specific vulnerabilities. Information about these vulnerabilities has 53 been provided to Open Handset Alliance members, and fixes are available in 54 Android Open Source Project. To improve security, some devices with earlier 55 versions of Android may also include these fixes. 56 </ul> 57
