There are a number of areas in which the latest version of Android, 4.4/KitKat, could be improved to prevent security incidents, according to Catalin Cosoi, chief security strategist at anti-virus provider Bitdefender.
With KitKat being based on the Android Open Source Project, Cosoi said there are few visible changes in terms of security compared to version 4.3 (Jelly Bean). However, there are some changes that could have an impact.
The first is that the App Ops functionality in Android 4.3, which allows users to selectively deny app permissions, has been removed in release 4.4. “We expected this feature to go live with KitKat, but, apparently it is no longer accessible via the Activity Launcher hack,” said Cosoi.
Prior to last week’s launch of KitKat, Cosoi said allowing control of app permissions would improve security, by allowing users to accept or deny permission requests. Cosoi felt Android 4.3 went part of the way to address the issue but could have gone further.
One area KitKat does address is fragmentation. By designing the latest OS to work on lower-spec smartphones as well as those at the high-end, Google is allowing the latest update to be accessible for more Android users. This will be a boost for mobile device management and security across enterprise organisations.
Cosoi previously noted there is scope for KitKat to address a number of app security issues that have affected the OS in the past — such as USSD-based attacks and the MasterKey bug.
A scanning API would allow anti-malware providers integrate better with KitKat, ensuring apps are more effectively scanned. In addition, the ability for anti-theft tools to survive a factory reset of a device would also improve security, as it would mean thieves are unable to make use of devices even if they wipe existing data.
A built-in sandbox isolating apps that come from untrusted sources would also be a positive addition, according to Cosoi. This means users could run the program in the sandbox and monitor its behaviour before deciding whether to run it on their device.
Finally, the ability to separate business and personal profiles would avoid confidential data being shared inappropriately. This is particularly important with the growth in BYOD.