Advertisment

Security issues in Android 5.0 Lollipop

Smartphones itself have always been a security risk. However, Google’s new Android version 5.0 aka Lollipop is set to change the security paradigm

author-image
Sanghamitra Kar
Updated On
New Update
Govind escan

Govind Rammurthy

Advertisment

Smartphones itself have always been a security risk. However, Google’s new Android version 5.0 aka Lollipop is set to change the security paradigm which had plagued these devices since it made its foray into main-stream of computing. With so many security risks at helm, users have been finding it difficult to gauge the gravity of the risks associated with Smartphone based computing.

Even today numerous Smartphone users have not enabled the basic security features .i.e. Pattern/PIN/Password protection. It is a general perception that it takes wee bit longer to unlock the phone. In order to address this, Lollipop has introduced ‘Smart Lock’ that allows the users to unlock their phones using Bluetooth pairing and Near Field Communication (NFC) / gestures. Moreover, this feature allows users to configure the phone so that certain notifications are accessible directly from the lock screen.

However, this feature is just a facilitator to restrict direct access to certain apps. The most commonly used apps such as messaging services (SMS, WhatsApp, etc.) would in all probability be added by the users so as to allow them to access the content while bypassing the lock. This, in turn essentially nullifies the effect of the very need of a phone lock. Users need to be judicious while choosing the apps, while never forgetting the fact that the entire gambit of maintaining security is now in their own hands.

Advertisment

Ease in communication and the ever increasing size of storage media has given rise to faster data mobility. However, this has also led to increasing incidents of data been stolen and misused. Previously users were wary of the fact that their data is not safe, especially when it is stored in a Smartphone. Moreover, the recent incidents of data theft have made it mandatory for the users as well as the organizations to think about Data encryption at the lowest possible level i.e. Full Disk Encryption.

Google has demonstrated that it understands the new age risks and has enabled Full Device encryption by default on new devices running Lollipop.

According to the Google’s Android team, “Full device encryption occurs at first boot, using a unique key that never leaves the device.”

Advertisment

Not just Full Disk Encryption, but Security Enhanced Linux (SELinux) feature which was introduced last year has now been strengthened even more to meet the needs of enterprise customers.

Keeping in mind the enterprise customer, multiple user accounts has been added, similar to what the Windows / Linux users have been using on their desktops/laptops, wherein they are also to separate out their professional tasks with personal activities, by creating a corporate profile.

Anti-theft solutions which are presently available in the market have been pitching the ‘Kill Switch’ through their software. Taking in to consideration the usability of this feature, Google’s Android team has provided ‘Factory Reset Protection’ feature that is designed to make stolen devices unusable. This would surely be an added advantage as without knowing the password it would virtually be impossible to perform a factory reset.

With so many security features being provided, it would be interesting to keep a tab on the bugs/Zero-days which might be discovered and the most dreaded question of ‘OS Patch’ will still be troubling those service providers / Smartphone manufacturers who do not provide auto update/push the security patches in a timely manner.

The author is the MD & CEO, eScan

android security experts