<html devsite>
  <head>
    <title>Security Enhancements in Android 4.4</title>
    <meta name="project_path" value="/_project.yaml" />
    <meta name="book_path" value="/_book.yaml" />
  </head>
  <body>
  <!--
      Copyright 2017 The Android Open Source Project

      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
  -->

<p>
Every Android release includes dozens of security enhancements to protect
users. The following are some of the security enhancements available
in Android 4.4:
</p>

<ul>
  <li><strong>Android sandbox reinforced with SELinux.</strong>
  Android now uses SELinux in enforcing mode. SELinux is a mandatory
  access control (MAC) system in the Linux kernel used to augment the
  existing discretionary access control (DAC) based security model.
  This provides additional protection against potential security
  vulnerabilities.</li>

  <li><strong>Per User VPN.</strong>
  On multi-user devices, VPNs are now applied per user.
  This can allow a user to route all network traffic through a VPN
  without affecting other users on the device.</li>

  <li><strong>ECDSA Provider support in AndroidKeyStore.</strong>
  Android now has a keystore provider that allows use of ECDSA and
  DSA algorithms.</li>

  <li><strong>Device Monitoring Warnings.</strong>
  Android provides users with a warning if any certificate has been
  added to the device certificate store that could allow monitoring of
  encrypted network traffic.</li>

  <li><strong>FORTIFY_SOURCE.</strong>
  Android now supports FORTIFY_SOURCE level 2, and all code is compiled
  with these protections. FORTIFY_SOURCE has been enhanced to work with
  clang.</li>

  <li><strong>Certificate Pinning.</strong>
  Android 4.4 detects and prevents the use of fraudulent Google
  certificates used in secure SSL/TLS communications.</li>

  <li><strong>Security Fixes.</strong>
  Android 4.4 also includes fixes for Android-specific vulnerabilities.
  Information about these vulnerabilities has been provided to Open
  Handset Alliance members, and fixes are available in the Android Open
  Source Project. To improve security, some devices with earlier versions of
  Android may also include these fixes.</li>

</ul>
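
<p>
What FORTIFY_SOURCE level 2 adds over level 1 for string copies into a struct
field, shown as an added example that is not part of the original page or of
AOSP. The <code>struct account</code> type, the helper names and the sample
strings are constructed for illustration; <code>__builtin_object_size</code>
is the compiler builtin the checks are built on.
</p>

```c
#include <stddef.h>
#include <string.h>

/* Constructed sample type: a fixed buffer followed by a security-relevant field. */
struct account {
    char name[8];
    int  is_admin;
};

static struct account acct;   /* sample object the checks are evaluated against */

#define UNKNOWN_SIZE ((size_t)-1)

/* Destination size as the compiler sees it. Level 1 asks for mode 0 (bytes up
 * to the end of the enclosing object); level 2 asks for mode 1 (bytes up to
 * the end of the field itself). */
#define BOS(ptr, level) __builtin_object_size((ptr), (level) > 1)

/* The comparison a fortified strcpy makes (hypothetical helper name).
 * Returns 1 if the copy may proceed, 0 if it is rejected. An unknown size
 * leaves the call unchecked. The real runtime check aborts the process
 * instead of returning. */
static int copy_allowed(size_t dst_size, const char *src)
{
    return dst_size == UNKNOWN_SIZE || strlen(src) + 1 <= dst_size;
}

/* Verdict for strcpy(acct.name, src) at level 1: the limit is the rest of
 * the struct, so a write that spills from name into is_admin still passes. */
int allowed_at_level1(const char *src)
{
    return copy_allowed(BOS(acct.name, 1), src);
}

/* Verdict for the same call at level 2: the limit is sizeof(acct.name). */
int allowed_at_level2(const char *src)
{
    return copy_allowed(BOS(acct.name, 2), src);
}
```

<p>
On a platform with a 4-byte <code>int</code>, an 11-character name passes the
level 1 check because it still fits inside the struct, while level 2 rejects
anything longer than 7 characters plus the terminator.
</p>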

  </body>
</html>