It’s been a roller coaster ride for Android security over the years. From permissions issues to malware/ransomware to compromised ROMS, you name it, and it’s happened. Android developers have done a fairly remarkable job of keeping on top of the issues as they spring up, which is no easy feat. With each release of the platform, they take significant steps to improve the security of the mobile operating system.
Android 11 is no exception. The developers have added new features and dealt with a few pre-existing privacy and security issues. Let’s look at some of the bolder choices the developers made with Android 11. Also, don’t miss my list of Android 11’s best features and why I think Android 11 might be the Google’s best mobile OS ever.
SEE: Top Android security tips (free PDF) (TechRepublic)
Temporary and one-time app permissions
App permissions has been a sticky bit for security within the Android OS. Even though Android has seen vast improvements over this issue in the past few releases, there’s always room for improvement, which is exactly what the developers have done.
With Android 11, users are now able to grant certain permissions on an Only This Time, case-by-case basis. This option will appear when an app asks for permission to access:
If a user grants the one-time permission, the app will have access to the feature until the app is closed; when the app is re-opened, the user will have to grant access again. This feature is similar to one in iOS 13 and should go a long way to shore up a straggling insecurity that’s been around for some time.
Android 11 introduces a new feature that will block an app from requesting permissions if a user denies permissions twice. After denying an app permission twice, users will have to manually give the app permissions if they want the app to function properly.
Did someone say “permissions?”
One very serious concern on the Android platform is overlay attacks. An overlay attack has been widespread on Android and has one goal: Intercept credentials for accessing a target application. Overlays fake popular online services to trick the user into typing their login credentials for a site.
With Android 11, apps cannot directly take users to the authentication screen; instead, apps can only send users to the level before granting access to the overlay. Because of this, users will have to then enable the option. After you enable the app permission to the overlay, it will be possible for the app to draw over the screen. That one extra step might prevent users from randomly giving malware permission to access their data.
Goodbye background location access
With Android 11, apps are no longer be allowed to gather information in the background. The only time an app will be able to collect information is when it’s running. This will help shore up privacy issues by placing the user in control of when an app can gather data.
By November, if an app doesn’t meet this requirement, it will be automatically removed from the Google Play Store.
SEE: Hiring kit: Android developer (TechRepublic Premium)
Revoking unused app permissions
One final change to the permissions system. If you have an app that you’ve granted permissions for, and you don’t use that app for a few months (no one seems to know how many months is “a few”), the permissions will be revoked and can only be re-enabled manually.
This feature works on an app-by-app basis (Figure A) and isn’t enabled by default, so you’ll need to go through and enable the feature manually.
Scoped Storage returns
Back in Android Q beta 2, the developers announced Scoped Storage, which added a new set of rules regarding how apps are allowed to access storage. This caused such a stir that the devs decided to put it on hold for a year so app developers could take action to ensure their software would work with the feature. That time has come, and Scoped Storage has finally been added to the platform.
What is Scoped Storage? Scoped Storage creates isolated sandboxes for apps, so it no longer requires additional permissions to write files. The biggest draw to Scoped Storage is that an app will not be able to access any other app’s sandbox directly–this should add a considerable level of security to the platform.
The caveats to Scoped Storage are that it might cause a slight hit to Android performance, and some legacy apps will fail to function properly. But, the gained privacy and security should make those caveats more than acceptable.
Additional security changes in Android 11
Improvements to the BiometricPrompt API
Mobile Driver’s License support
Secure Storage to make it easier for apps to share data blobs
Expanded use of sanitizers to several security-centric components
Improved Call Screening
Introduction of the GnssAntennaInfo class for improved GPS privacy
Secure audio capture from USB device
Editor’s note: This article was updated to reflect the release of Android 11.