If the Android 11 beta is an indication, Jack Wallen predicts it will be the most secure and best performing release. Developers and pro users, read about security and privacy features in Android 11.
It’s been a roller coaster ride for Android security over the years. From permissions issues to malware/ransomware to compromised ROMS, you name it, and it’s happened. The developers have done a fairly remarkable job of keeping on top of the issues as they spring up, which is no easy feat. With each release of the platform, they take significant steps to improve the security of the mobile operating system.
The upcoming release of Android 11 is no exception. The developers have added new features and dealt with a few pre-existing privacy and security issues. Let’s take a look at some of the bolder choices they’ve made with the platform.
SEE: Top Android security tips (free PDF) (TechRepublic)
Temporary and one-time app permissions
App permissions has been a sticky bit for security within the Android OS. Even though Android has seen vast improvements over this issue in the past few releases, there’s always room for improvement, which is exactly what the developers have done.
With Android 11, users will be able to grant certain permissions on an Only This Time, case-by-case basis. This option will appear when an app asks for permission to access:
If a user grants the one-time permission, the app will have access to the feature until the app is closed. When the app is re-opened, the user will have to grant access again. This feature is similar to that found in iOS 13 and should go a long way to shore up a straggling insecurity that’s been around for some time.
Android 11 introduces a new feature that will block an app from requesting permissions if a user denies permissions twice. After denying an app permission twice, users will have to manually give the app permissions if they want the app to function properly.
Did someone say “permissions?”
One very serious concern on the Android platform is overlay attacks. An overlay attack has been widespread on Android and has one goal: Intercept credentials for accessing a target application. Overlays fake popular online services to trick the user into typing their login credentials for a site.
With Android 11, apps cannot directly take users to the authentication screen. Instead, apps can only send users to the level before granting access to the overlay. Because of this, users will have to then enable the option. Once you’ve enabled the app permission to the overlay, it’ll be possible for the app to then draw over the screen. That one extra step might prevent users from randomly giving malware permission to access their data.
Goodbye background location access
With Android 11, apps will no longer be allowed to gather information in the background. The only time an app will be able to collect information is when it’s running. This will help shore up privacy issues by placing the user in control of when an app can gather data.
Developers have until August to ensure their apps meet this new requirement. By November, if any app doesn’t meet this requirement, it will be automatically removed from the Google Play Store.
Revoking unused app permissions
One final change to the permissions system. If you have an app that you’ve granted permissions for, and you don’t use that app for a few months (no one seems to know how many months is “a few”), the permissions will be revoked and can only be re-enabled manually.
As of the latest beta release, this feature is disabled by default and works on an app-by-app basis (Figure A). It is unknown if Google plans on enabling the feature out of the box.
Scoped Storage returns
Back in Android Q beta 2, the developers announced Scoped Storage, which added a new set of rules regarding how apps are allowed to access storage. This caused quite the stir, causing the devs to decide to put it on hold for a year so app developers could take action to ensure their software would work with the feature. That time has come, and Scoped Storage is finally set to be added to the platform.
What is Scoped Storage? Scoped Storage creates isolated sandboxes for apps, so it no longer requires additional permissions to write files. The biggest draw to Scoped Storage is that an app will not be able to access any other app’s sandbox directly–this should add a considerable level of security to the platform.
The caveats to Scoped Storage are that it might cause a slight hit to Android performance, and some legacy apps will fail to function properly. But, the gained privacy and security should make those caveats more than acceptable.
Additional security changes in Android 11
Improvements to the BiometricPrompt API
Mobile Driver’s License support
Secure Storage to make it easier for apps to share data blobs
Expanded use of sanitizers to several security-centric components
Improved Call Screening
Introduction of the GnssAntennaInfo class for improved GPS privacy
Secure audio capture from USB device