diff options
author | Nick Kralevich <nnk@google.com> | 2013-10-28 10:36:32 -0700 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2013-10-28 12:22:24 -0700 |
commit | 8b9aa8742be7da7160ea9cde15a10953569fbe8f (patch) | |
tree | 619f2edb31b1cab5e48ee8a02d8e45a7bd0349a7 /src/devices/tech | |
parent | a7b64e59690c990f8a2a652b74e9e911dda36dd1 (diff) | |
download | source.android.com-8b9aa8742be7da7160ea9cde15a10953569fbe8f.tar.gz |
Android 4.4 security enhancements.
Bug: 11414532
Change-Id: Ib531a9b21a4b36c9aef279ecb59aadc2ef03e516
Diffstat (limited to 'src/devices/tech')
-rw-r--r-- | src/devices/tech/security/enhancements44.jd | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/devices/tech/security/enhancements44.jd b/src/devices/tech/security/enhancements44.jd new file mode 100644 index 00000000..ec0aee8b --- /dev/null +++ b/src/devices/tech/security/enhancements44.jd @@ -0,0 +1,48 @@ +page.title=Security Enhancements in Android 4.4 +@jd:body + +<p> +Every Android release includes dozens of security enhancements to protect +users. The following are some of the security enhancements available +in Android 4.4: +</p> + +<ul> + <li><strong>Android sandbox reinforced with SELinux.</strong> + Android now uses SELinux in enforcing mode. SELinux is a mandatory + access control (MAC) system in the Linux kernel used to augment the + existing discretionary access control (DAC) based security model. + This provides additional protection against potential security + vulnerabilities.</li> + + <li><strong>Per User VPN.</strong> + On multi-user devices, VPNs are now applied per user. + This can allow a user to route all network traffic through a VPN + without affecting other users on the device.</li> + + <li><strong>ECDSA Provider support in AndroidKeyStore.</strong> + Android now has a keystore provider that allows use of ECDSA and + DSA algorithms.</li> + + <li><strong>Device Monitoring Warnings.</strong> + Android provides users with a warning if any certificate has been + added to the device certificate store that could allow monitoring of + encrypted network traffic.</li> + + <li><strong>FORTIFY_SOURCE.</strong> + Android now supports FORTIFY_SOURCE level 2, and all code is compiled + with these protections. FORTIFY_SOURCE has been enhanced to work with + clang.</li> + + <li><strong>Certificate Pinning.</strong> + Android 4.4 detects and prevents the use of fraudulent Google + certificates used in secure SSL/TLS communications.</li> + + <li><strong>Security Fixes.</strong> + Android 4.4 also includes fixes for Android-specific vulnerabilities. + Information about these vulnerabilities has been provided to Open + Handset Alliance members and fixes are available in Android Open Source + Project. To improve security, some devices with earlier versions of + Android may also include these fixes.</li> + +</ul> |