Android 5.0: Lollipop Gets Serious About Security

It’s never easy being No. 1, as Windows XP discovered in the first decade of the 20th century. Mischief-makers attacked Windows XP because 80 percent of the world’s population used it, giving Windows a nagging reputation — which is somewhat unfair — of being significantly less secure than Mac. Mobile malware makers target Android for the same reason that others targeted Windows XP. Since most people who have mobile devices use the Android operating system, attackers who compromise Android get more bang for their effort.

In its 5.0 release, Android has taken some cues from iOS and added some new security features. Because the threat landscape is always shifting, it’s still prudent to install Android security software on any Android phone or tablet. However, people who have gravitated toward iOS for security reasons might find that Lollipop gives them a reason to switch to Android.

Better Access Management

One of the simplest updates Android 5.0 includes is improved access management. It accomplishes this through two main features: Smart Lock and multiple user roles.

Smart Lock

Using Near-Field Communication (NFC) or Bluetooth, Android users can unlock their phones simply by tapping them on an NFC tag or putting them near a paired device. When they’re not near any of these devices, the password, pattern, or PIN lock is re-enabled.

Multiple User Roles

Jelly Bean allowed Android tablet users to set up multiple user roles, and now Lollipop extends this functionality to Android phones. Device owners can create roles for other family members who use the device, deciding which apps they can access and enabling specified settings. Lollipop also features a guest mode, which gives someone quick access to an Android phone without giving access to data or apps.

Enhanced Encryption

Android 5.0 features several improved encryption features that prevent data theft from lost or stolen phones as well as improve browser and application security.

Default Encryption

Instead of requiring users to enable encryption on Android phones, Lollipop encrypts phones by default, which keeps thieves from accessing data without the password. Also, where past versions kept the device encryption and lock secret on the phone, Lollipop also binds the key to the hardware keystore and provides added protection against brute force passcode attacks.

Better Cryptography

Lollipop has disabled weak cipher suites such as 3DES, export, and MD5. Also, Android 5.0 establishes a preference for Forward Secrecy to protect session keys if the long-term key is compromised later, and it adds AES-GCM for encryption that doesn’t compromise performance.

WebView Security

WebView allows applications to display browser windows without opening an Android phone’s default browser. However, because WebView supports JavaScript, it’s can pass malicious code to the device through the application interface. In the past, attackers used this vulnerability to start a reverse handler, or install a malicious URL, which could open a shell on the user’s device. Users accessed the URL through a phishing email or by scanning a malicious QR code, and the attacker executed code remotely on the device.

Now, WebView is updatable from Google Play, which means that every application in the phone will use the same updated version of WebView, and users won’t have to download an OS update to keep WebView current. From a security standpoint, this allows for fast response to WebView security issues without an OS update.

Buffer Overflow Protection

Android security products don’t always prevent buffer overflow attacks, but new features in Lollipop can keep those attacks at bay.

Fortify_Source

Certain OS commands, like strcpy, execute without an awareness of buffer length. Several OS functions now utilize Fortify_Source protection in Android 5.0, which stops them from executing code that generates buffer overflows.

Position-Independent Executables (PIE)

Position-independent code keeps attackers from accessing existing executable code within memory to execute remote commands. PIEs are simply executable binaries made from position-independent code, and Android 5.0 no longer allows non-PIE linker support for dynamically executable code.

Conclusion

In addition to adding security features, Android 5.0 has significantly improved both design and usability compared to previous versions. Unfortunately, its popularity is its Achilles heel. Because Android remains the top mobile OS, it will remain a popular attack target, like Windows XP before it.

Lollipop is rolling out to Nexus devices and Google Play Edition devices. HTC, LG, Samsung, and Sony have all announced that they’ll get the update, just not when they’ll get it.