KitKat security has room for improvement – Bitdefender - Mobile World Live

04 NOV 2013

There are a number of areas in which the latest version of Android, 4.4/KitKat, could be improved to prevent security incidents, according to Catalin Cosoi, chief security strategist at anti-virus provider Bitdefender.

With KitKat being based on the Android Open Source Project, Cosoi said there are few visible changes in terms of security compared to version 4.3 (Jelly Bean). However, there are some changes that could have an impact.

The first is that the App Ops functionality in Android 4.3, which allows users to selectively deny app permissions, has been removed in release 4.4. “We expected this feature to go live with KitKat, but apparently it is no longer accessible via the Activity Launcher hack,” said Cosoi.

Prior to last week’s launch of KitKat, Cosoi said allowing control of app permissions would improve security, by allowing users to accept or deny permission requests. Cosoi felt Android 4.3 went part of the way to address the issue but could have gone further.

One area KitKat does address is fragmentation. By designing the latest OS to work on lower-spec smartphones as well as those at the high-end, Google is allowing the latest update to be accessible for more Android users. This will be a boost for mobile device management and security across enterprise organisations.

Cosoi previously noted there is scope for KitKat to address a number of app security issues that have affected the OS in the past — such as USSD-based attacks and the MasterKey bug.

A scanning API would allow anti-malware providers to integrate better with KitKat, ensuring apps are more effectively scanned. In addition, the ability for anti-theft tools to survive a factory reset of a device would also improve security, as it would mean thieves are unable to make use of devices even if they wipe existing data.

A built-in sandbox isolating apps that come from untrusted sources would also be a positive addition, according to Cosoi. This means users could run the program in the sandbox and monitor its behaviour before deciding whether to run it on their device.

Finally, the ability to separate business and personal profiles would avoid confidential data being shared inappropriately. This is particularly important with the growth in BYOD.


Tim Ferguson

Tim joined Mobile World Live in August 2011 and works across all channels, with a particular focus on apps. He came to the GSMA with five years of tech journalism experience, having started his career as a reporter...