<html devsite>
  <head>
    <title>Security Enhancements in Android 6.0</title>
    <meta name="project_path" value="/_project.yaml" />
    <meta name="book_path" value="/_book.yaml" />
  </head>
  <body>
  <!--
      Copyright 2017 The Android Open Source Project

      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
  -->



<p>Every Android release includes dozens of security enhancements to protect
users. Here are some of the major security enhancements available in Android
6.0:</p>
<ul>
  <li><strong>Runtime Permissions</strong>. Applications request permissions at
    runtime instead of being granted them at app
    install time. Users can toggle permissions on and off for both M and pre-M
    applications.</li>
  <li><strong>Verified Boot</strong>. A set of cryptographic checks of system
    software is conducted prior to
    execution to ensure the phone is healthy from the bootloader all the way up to
    the operating system.</li>
  <li><strong>Hardware-Isolated Security</strong>. A new Hardware Abstraction
    Layer (HAL) is used by the Fingerprint API, Lockscreen,
    Device Encryption, and Client Certificates to protect keys against kernel
    compromise and/or local physical attacks.</li>
  <li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
    touch. Developers can also take
    advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
  <li><strong>SD Card Adoption</strong>. Removable media can be
    <em>adopted</em> to a device to expand available storage for
    app local data, photos, videos, etc., while still being protected by block-level
    encryption.</li>
  <li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
    to make sure their application doesn't use
    cleartext.</li>
  <li><strong>System Hardening</strong>. Hardening of the system via policies
    enforced by SELinux. This offers better
    isolation between users, IOCTL filtering, reduced threat of exposed services,
    further tightening of SELinux domains, and extremely limited /proc access.</li>
  <li><strong>USB Access Control</strong>. Users must confirm before USB
    access to files, storage, or other
    functionality on the phone is allowed. The default is now <em>charge only</em>, with access
    to storage requiring explicit approval from the user.</li>
</ul>

  </body>
</html>