•Application verification — Users can choose to enable “Verify Apps” and have applications screened by an application verifier, prior to installation. App verification can alert the user if they try to install an app that might be harmful; if an application is especially bad, it can block installation.
Before installation the app can be checked online by connecting to Google's cloud; if the result looks bad... you can decline to install it.
The core question is how the detection works and how effective it actually is. That gets a dedicated post later.
•Verify apps over USB — To make debugging convenient, app verification is disabled when an app is installed over USB, while the verification step is kept for apps from every other source, such as the browser. This speeds up app development while leaving the security option switched on.
•More control of premium SMS — Android will provide a notification if an application attempts to send SMS to a short code that uses premium services which might cause additional charges. The user can choose whether to allow the application to send the message or block it.
Malicious premium subscriptions feel especially rampant in China. This time Android pops up a confirmation dialog when a program uses the API to send SMS on its own.
Honestly, this API has no reason to exist at all; invoking the system's SMS app is enough (that is my advice to developers as well).
The next security advances in Android will be about controlling these sensitive APIs!! Either prompt at runtime, or just remove them outright!
•Always-on VPN — VPN can be configured so that applications will not have access to the network until a VPN connection is established. This prevents applications from sending data across other networks.
An extremely impressive feature. The VPN policy can be controlled per application, and combined with remote management through MDM this is a derivative of DLP! An effective means of preventing data leakage. We used to implement this with SEAndroid and iptables.
•Certificate Pinning — The libcore SSL implementation now supports certificate pinning. Pinned domains will receive a certificate validation failure if the certificate does not chain to a set of expected certificates. This protects against possible compromise of Certificate Authorities.
On PCs the certificate mechanism is fairly mature: mutual SSL is well developed, and root certificate storage and management are well developed too. Not so on phones, which are easily MITMed. Developers also tend to take shortcuts when handling certificates in their code.
•Improved display of Android permissions — Permissions have been organized into groups that are more easily understood by users. During review of the permissions, the user can click on the permission to see more detailed information about the permission.
Permission prompts and categories that nobody can understand; a huge pile of academic papers study exactly this....
•installd hardening — The installd daemon does not run as the root user, reducing potential attack surface for root privilege escalation.
installd really has no need for uid=0... it is an easy target for attack.
•init script hardening — init scripts now apply O_NOFOLLOW semantics to prevent symlink related attacks.
Prevents symlink attacks!
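What O_NOFOLLOW actually buys an init script, as an added example that is not Android's init code: a privileged writer that opens a path with O_NOFOLLOW gets ELOOP instead of silently writing through a symlink somebody planted at that path. The function names and the throwaway directory under /tmp are assumptions of this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added example, not Android's code: probe what O_NOFOLLOW does.
 * Returns 1 when the path opened normally, 0 when the kernel refused because
 * the final path component is a symlink (errno == ELOOP), -1 on any other
 * error. */
int open_nofollow_probe(const char *path) {
    int fd = open(path, O_WRONLY | O_NOFOLLOW);
    if (fd >= 0) {
        close(fd);
        return 1;
    }
    return errno == ELOOP ? 0 : -1;
}

/* Recreate the init-script scenario in a throwaway directory (constructed for
 * this example): "target" is a real file, "planted" is a symlink pointing at
 * it, standing in for a link an attacker pre-placed where a privileged script
 * is known to write. Returns 1 when O_NOFOLLOW opened the real file but
 * refused the symlink, 0 otherwise, -1 if setup failed. */
int symlink_hardening_demo(void) {
    char dir[] = "/tmp/nofollow.XXXXXX";
    char target[64], planted[64];
    int real_ok, link_result, result, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(planted, sizeof planted, "%s/planted", dir);

    fd = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) { rmdir(dir); return -1; }
    close(fd);
    if (symlink(target, planted) != 0) { unlink(target); rmdir(dir); return -1; }

    real_ok = open_nofollow_probe(target);      /* expected: 1, a plain file */
    link_result = open_nofollow_probe(planted); /* expected: 0, refused with ELOOP */
    result = (real_ok == 1 && link_result == 0) ? 1 : 0;

    unlink(planted);
    unlink(target);
    rmdir(dir);
    return result;
}

int main(void) {
    printf("O_NOFOLLOW refused the planted symlink: %s\n",
           symlink_hardening_demo() == 1 ? "yes" : "no");
    return 0;
}
```

Note that O_NOFOLLOW only covers the last path component; symlinks in the directories leading up to it are still followed, so a hardened script also needs to trust (or verify with O_DIRECTORY and fstat) the directories it writes into.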
•FORTIFY_SOURCE — Android now implements FORTIFY_SOURCE. This is used by system libraries and applications to prevent memory corruption.
FORTIFY_SOURCE detects and prevents a subset of buffer overflows before they can do damage. The idea behind FORTIFY_SOURCE is relatively simple: there are cases where the compiler can know the size of a buffer (if it is a fixed-size buffer on the stack, or if the buffer just came from a malloc() call). With a known buffer size, the library functions that operate on the buffer (strcpy(), memcpy() and friends) can make sure the buffer will not overflow. FORTIFY_SOURCE in Fedora 8 has been enhanced to cover C++ in addition to C, which prevents many security exploits.
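The check FORTIFY_SOURCE inserts, written out by hand as an added example (this is not Android's or glibc's code): a `strcpy_chk` in the spirit of glibc's `__strcpy_chk`, which receives the destination size as an extra argument. Real FORTIFY_SOURCE gets that size from the compiler via `__builtin_object_size` at each call site; this example uses `sizeof` on a fixed-size array for the same effect, and returns -1 instead of aborting the process as glibc's `__chk_fail` would, so the outcome can be inspected. The function and macro names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not glibc's code. Checked strcpy: refuses the copy when the
 * source (plus its NUL) would not fit in dstlen bytes. glibc's __strcpy_chk
 * aborts via __chk_fail at this point; we return -1 instead so callers and
 * the test below can see the refusal. A dstlen of (size_t)-1 means "size
 * unknown", which is what __builtin_object_size yields when the compiler
 * cannot see the allocation; like glibc, we then fall back to an unchecked copy. */
static int strcpy_chk(char *dst, const char *src, size_t dstlen) {
    size_t need = strlen(src) + 1;
    if (dstlen != (size_t)-1 && need > dstlen) {
        return -1;
    }
    memcpy(dst, src, need);
    return 0;
}

/* Only valid when dst is an array whose size the compiler knows, i.e. the
 * stack-buffer case FORTIFY_SOURCE targets. The real macro uses
 * __builtin_object_size(dst, 0) instead of sizeof. */
#define FORTIFIED_STRCPY(dst, src) strcpy_chk((dst), (src), sizeof(dst))

/* Copies a name into a 16-byte stack buffer, the classic fortify target.
 * Returns the length stored, or -1 when the copy was refused. */
int store_name(const char *name) {
    char buf[16];
    if (FORTIFIED_STRCPY(buf, name) != 0) {
        return -1;
    }
    return (int)strlen(buf);
}

/* The heap case: the size is known because it was just handed to malloc().
 * Returns the length stored, or -1 when refused or out of memory. */
int store_name_heap(const char *name, size_t cap) {
    char *buf = malloc(cap);
    int stored;
    if (buf == NULL) return -1;
    stored = strcpy_chk(buf, name, cap) == 0 ? (int)strlen(buf) : -1;
    free(buf);
    return stored;
}

int main(void) {
    /* Constructed inputs: one that fits, one that is exactly one byte too long. */
    printf("short name  -> %d\n", store_name("Android"));          /* 7 */
    printf("16-char name -> %d\n", store_name("sixteen chars!!!")); /* -1 */
    return 0;
}
```

The reason a real compiler-driven check is stronger than this macro is that `__builtin_object_size` also works through pointers the optimizer can trace back to a known allocation, which is why building with `-D_FORTIFY_SOURCE=2` requires optimization to be enabled.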
•ContentProvider default configuration — Applications which target API level 17 will have “export” set to “false” by default for each ContentProvider, reducing default attack surface for applications.
A component-security issue: this thing was actually exported by default... now it has been changed to not exported.
•Cryptography — Modified the default implementations of SecureRandom and Cipher.RSA to use OpenSSL. Added SSLSocket support for TLSv1.1 and TLSv1.2 using OpenSSL 1.0.1.
More strengthening is still needed down the road... these are all just the basics!
•Security Fixes — Upgraded open source libraries with security fixes include WebKit, libpng, OpenSSL, and LibXML. Android 4.2 also includes fixes for Android-specific vulnerabilities. Information about these vulnerabilities has been provided to Open Handset Alliance members and fixes are available in Android Open Source Project. To improve security, some devices with earlier versions of Android may also include these fixes.
Vulnerabilities patched.