Consistent authentication, required HTTPS encryption, and better notifications are all coming to Google's open source OS.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Android P will require encryption for data traffic, passwords for encrypted backups, and notifications for background sensor operation, along with a more consistent fingerprint scanner.
- The new security features in Android P will help establish Android as an enterprise-ready OS, making it more competitive with iOS in business.
Google launched the developer preview of Android P on Wednesday and, along with a host of new features and APIs, the latest version of the open source OS has some security improvements as well.
The new security updates, which run the gamut from encryption to biometric authentication, will better establish Android as a viable option in the enterprise. It could also help the OS better compete with iOS for business users.
As noted by Zack Whittaker, of our sister site ZDNet, Android P will require apps to encrypt data traffic over HTTPS. It will also require a passcode to restore an encrypted backup as well.
SEE: Encryption policy template (Tech Pro Research)
When it comes to sensors, or the device's microphone or camera, Android P will not allow apps to use these sensors without first alerting the user. Idle apps will also have their access to these tools revoked.
To help with authentication, Android P will have a more consistent fingerprint authentication dialog across apps. This is to help users feel as if they are authenticating through a trusted fingerprint credential checker, the Android P website said.
A new high-assurance user confirmation can also be enabled in supported Android P device that will allow an app to prompt a user to reaffirm that he or she would like to conduct a sensitive transaction. This could be useful in mobile payments, for example, the website said.
Certain supported devices that launch with Android P will also have a secure hardware module called StrongBox Keymaster, further boosting security. Speaking of keys, Android P also adds "the ability to import encrypted keys securely into the Keystore using a new ASN.1‑encoded key format," the site noted.
For apps targeting Android P, there will be some security behavior changes as well. As noted, network TLS will be enabled by default, but Android P will also separate web-based data directories by process and per-app SELinux domains--this means that apps targeting Android P "can no longer share data with other apps using world-accessible Unix permissions," the site said.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Here's how Android P promises to protect your privacy (ZDNet)
- Mobile malware: Cheat Sheet (TechRepublic)
- Android Oreo vs Android One vs Android Go: All their differences, explained (ZDNet)
- These Android smartphone OEMs provide the fastest security updates to users (TechRepublic)