http://blog.csdn.net/u011069813/article/details/14223337
图没贴过来。想看图的到上面的blog。
http://developer.android.com/about/versions/kitkat.html
http://developer.android.com/about/versions/android-4.4.html
1、恶意订购
ios根本就没有第三方应用能直接发短信和拦截短信。android号称开放。。一直不忍心阉割!
4.4先来一把手术刀。以后逐渐阉割。
4.4版本,只有被用户设置为缺省的短消息程序才能直接发短信、拦截短信。 让用户把第三方程序设置为缺省的短消息程序既需要勇气、也考验智商。不能直接发短信意味着恶意订购如何完成啊!
The Telephony content provider (the "SMS Provider") allows apps to read and write SMS and MMS messages on the device. It includes tables for SMS and MMS messages received, drafted, sent, pending, and more.
Beginning with Android 4.4, the system settings allow users to select a "default SMS app." Once selected, only the default SMS app is able to write to the SMS Provider and only the default SMS app receives theSMS_DELIVER_ACTION broadcast when the user receives an SMS or theWAP_PUSH_DELIVER_ACTION broadcast when the user receives an MMS. The default SMS app is responsible for writing details to the SMS Provider when it receives or sends a new message.
Other apps that are not selected as the default SMS app can only read the SMS Provider, but may also be notified when a new SMS arrives by listening for theSMS_RECEIVED_ACTION broadcast, which is a non-abortable broadcast that may be delivered to multiple apps. This broadcast is intended for apps that---while not selected as the default SMS app---need to read special incoming messages such as to perform phone number verification.
但是拦截短信这个功能对于**这样的国家确实很有价值啊,要不然广告泛滥啊。android很暧昧的说了一句,其它程序可以读取短信,但可能不能拦截。。。说明google内部还是有中国通,对中国房地产短信广告了解很深入。。。。
, but may also be notified when a new SMS arrives by listening for the SMS_RECEIVED_ACTION broadcast, which is a non-abortable broadcast that may be delivered to multiple apps
2、读取SD卡需要权限
长期以来,SD卡承担了存储的脏活累活,但一直当私生子。任何人都可以蹂躏她。
这次Google承认了他的地位,读写SD卡也需要申请权限。
Your app can not read shared files on the external storage when running on Android 4.4, unless your app has theREAD_EXTERNAL_STORAGE permission. That is, files within the directory returned bygetExternalStoragePublicDirectory() are no longer accessible without the permission. However, if you need to access only your app-specific directories, provided bygetExternalFilesDir(), then you do not need theREAD_EXTERNAL_STORAGE permission.
3、增加了几个权限
其实创建和删除快捷方式都可能被滥用的。。。。
The following are new permissions that your app must request with the <uses-permission> tag to use certain new APIs:
INSTALL_SHORTCUT
Allows an application to install a shortcut in Launcher
UNINSTALL_SHORTCUT
Allows an application to uninstall a shortcut in Launcher
TRANSMIT_IR
Allows an applicaiton to use the device's IR transmitter, if available
4、通知栏广告、垃圾的完善。
Notification listener services can now see more information about incoming notifications that were constructed using the notification builder APIs. Listener services can access a notification's actions as well as new extras fields — text, icon, picture, progress, chronometer, and many others — to extract cleaner information about the notification and present the information in a different way.
以后可以开发程序更细粒度的读取通知栏信息,以便过滤垃圾,维护祖国平安。
5、webkit
Chromium WebView来了。换了主帅的原因!
其实将内部的实现从当前缺省WebKit内核变了Chromium的内核。研究这部分的人注意了!
Android 4.4 includes a completely new implementation of WebView that's based onChromium. The new Chromium WebView gives you the latest in standards support, performance, and compatibility to build and display your web-based content.
Chromium WebView provides broad support for HTML5, CSS3, and JavaScript. It supports most of the HTML5 features available in Chrome for Android 30. It also brings an updated version of the JavaScript Engine (V8) that delivers dramatically improved JavaScript performance.
6、Common Encryption for DASH DRM是毫无意义的。。。关键是商业模式!
Android now supports the Common Encryption (CENC) for MPEG-DASH, providing a standard, multiplatform DRM scheme for managing protecting content. Apps can take advantage of CENC through Android's modular DRM framework and platform APIs for supporting DASH.
--------------------------------------------------------------------------------
7、SELinux (enforcing mode) 总算启用了,最关心的就是缺省策略是啥,以及OEM该如何定制!
Android 4.4 updates its SELinux configuration from "permissive" to "enforcing." This means potential policy violations within a SELinux domain that has an enforcing policy will be blocked.
8、Improved cryptographic algorithms 添加了椭圆曲线签名
Android has improved its security further by adding support for two more cryptographic algorithms. Elliptic Curve Digital Signature Algorithm (ECDSA) support has been added to the keystore provider improving security of digital signing, applicable to scenarios such as signing of an application or a data connection. The Scrypt
scrypt是由著名的FreeBSD黑客 Colin Percival为他的备份服务 Tarsnap开发的。
scrypt不仅计算所需时间长,而且占用的内存也多,使得并行计算多个摘要异常困难,因此利用rainbow table进行暴力攻击更加困难。scrypt没有在生产环境中大规模应用,并且缺乏仔细的审察和广泛的函数库支持。但是,scrypt在算法层面只要没有破绽,它的安全性应该高于PBKDF2和bcrypt
key derivation function is implemented to protect the cryptographic keys used for full-disk encryption.
目前用于全盘加密的密钥是通过pin经过PBKDF2(Password-Based Key Derivation Function)计算的,以后会是scrypt
9、Other enhancements VPN改进 老霸道了,我看懂了google下的一步大棋,你看懂了吗?
多用户模式,目前是平板,可以让一个用户的数据全部走VPN。
On multiuser devices, VPNs are now applied per user. This can allow a user to route all network traffic through a VPN without affecting other users on the device. Also, Android now supports FORTIFY_SOURCE level 2, and all code is compiled with those protections. FORTIFY_SOURCE has been enhanced to work with clang.
FORTIFY_SOURCE阻止内存破坏不便评论,linux早有了。。。
阿里云助力开发者!2核2G 3M带宽不限流量!6.18限时价,开
发者可享99元/年,续费同价!
