The Telephony content provider (the "SMS Provider") allows apps to read and write SMS and MMS messages on the device. It includes tables for SMS and MMS messages received, drafted, sent, pending, and more.
Beginning with Android 4.4, the system settings allow users to select a "default SMS app." Once selected, only the default SMS app is able to write to the SMS Provider and only the default SMS app receives theSMS_DELIVER_ACTION broadcast when the user receives an SMS or theWAP_PUSH_DELIVER_ACTION broadcast when the user receives an MMS. The default SMS app is responsible for writing details to the SMS Provider when it receives or sends a new message.
Other apps that are not selected as the default SMS app can only read the SMS Provider, but may also be notified when a new SMS arrives by listening for theSMS_RECEIVED_ACTION broadcast, which is a non-abortable broadcast that may be delivered to multiple apps. This broadcast is intended for apps that---while not selected as the default SMS app---need to read special incoming messages such as to perform phone number verification.
, but may also be notified when a new SMS arrives by listening for the SMS_RECEIVED_ACTION broadcast, which is a non-abortable broadcast that may be delivered to multiple apps
2、读取SD卡需要权限
长期以来,SD卡承担了存储的脏活累活,但一直当私生子。任何人都可以蹂躏她。
这次Google承认了他的地位,读写SD卡也需要申请权限。
Your app can not read shared files on the external storage when running on Android 4.4, unless your app has theREAD_EXTERNAL_STORAGE permission. That is, files within the directory returned bygetExternalStoragePublicDirectory() are no longer accessible without the permission. However, if you need to access only your app-specific directories, provided bygetExternalFilesDir(), then you do not need theREAD_EXTERNAL_STORAGE permission.
3、增加了几个权限
其实创建和删除快捷方式都可能被滥用的。。。。
The following are new permissions that your app must request with the <uses-permission> tag to use certain new APIs:
INSTALL_SHORTCUT
Allows an application to install a shortcut in Launcher
UNINSTALL_SHORTCUT
Allows an application to uninstall a shortcut in Launcher
TRANSMIT_IR
Allows an applicaiton to use the device's IR transmitter, if available
4、通知栏广告、垃圾的完善。
Notification listener services can now see more information about incoming notifications that were constructed using the notification builder APIs. Listener services can access a notification's actions as well as new extras fields — text, icon, picture, progress, chronometer, and many others — to extract cleaner information about the notification and present the information in a different way.
Android 4.4 includes a completely new implementation of WebView that's based onChromium. The new Chromium WebView gives you the latest in standards support, performance, and compatibility to build and display your web-based content.
Chromium WebView provides broad support for HTML5, CSS3, and JavaScript. It supports most of the HTML5 features available in Chrome for Android 30. It also brings an updated version of the JavaScript Engine (V8) that delivers dramatically improved JavaScript performance.
6、Common Encryption for DASH DRM是毫无意义的。。。关键是商业模式!
Android now supports the Common Encryption (CENC) for MPEG-DASH, providing a standard, multiplatform DRM scheme for managing protecting content. Apps can take advantage of CENC through Android's modular DRM framework and platform APIs for supporting DASH.
7、SELinux (enforcing mode) 总算启用了,最关心的就是缺省策略是啥,以及OEM该如何定制!
Android 4.4 updates its SELinux configuration from "permissive" to "enforcing." This means potential policy violations within a SELinux domain that has an enforcing policy will be blocked.
8、Improved cryptographic algorithms 添加了椭圆曲线签名
Android has improved its security further by adding support for two more cryptographic algorithms. Elliptic Curve Digital Signature Algorithm (ECDSA) support has been added to the keystore provider improving security of digital signing, applicable to scenarios such as signing of an application or a data connection. The Scrypt
scrypt是由著名的FreeBSD黑客 Colin Percival为他的备份服务 Tarsnap开发的。
scrypt不仅计算所需时间长,而且占用的内存也多,使得并行计算多个摘要异常困难,因此利用rainbow table进行暴力攻击更加困难。scrypt没有在生产环境中大规模应用,并且缺乏仔细的审察和广泛的函数库支持。但是,scrypt在算法层面只要没有破绽,它的安全性应该高于PBKDF2和bcrypt
key derivation function is implemented to protect the cryptographic keys used for full-disk encryption.
On multiuser devices, VPNs are now applied per user. This can allow a user to route all network traffic through a VPN without affecting other users on the device. Also, Android now supports FORTIFY_SOURCE level 2, and all code is compiled with those protections. FORTIFY_SOURCE has been enhanced to work with clang.
