diff options
Diffstat (limited to 'src/devices/tech')
-rw-r--r-- | src/devices/tech/security/enhancements44.jd | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/src/devices/tech/security/enhancements44.jd b/src/devices/tech/security/enhancements44.jd new file mode 100644 index 00000000..ec0aee8b --- /dev/null +++ b/src/devices/tech/security/enhancements44.jd @@ -0,0 +1,48 @@ +page.title=Security Enhancements in Android 4.4 +@jd:body + +<p> +Every Android release includes dozens of security enhancements to protect +users. The following are some of the security enhancements available +in Android 4.4: +</p> + +<ul> + <li><strong>Android sandbox reinforced with SELinux.</strong> + Android now uses SELinux in enforcing mode. SELinux is a mandatory + access control (MAC) system in the Linux kernel used to augment the + existing discretionary access control (DAC) based security model. + This provides additional protection against potential security + vulnerabilities.</li> + + <li><strong>Per User VPN.</strong> + On multi-user devices, VPNs are now applied per user. + This can allow a user to route all network traffic through a VPN + without affecting other users on the device.</li> + + <li><strong>ECDSA Provider support in AndroidKeyStore.</strong> + Android now has a keystore provider that allows use of ECDSA and + DSA algorithms.</li> + + <li><strong>Device Monitoring Warnings.</strong> + Android provides users with a warning if any certificate has been + added to the device certificate store that could allow monitoring of + encrypted network traffic.</li> + + <li><strong>FORTIFY_SOURCE.</strong> + Android now supports FORTIFY_SOURCE level 2, and all code is compiled + with these protections. FORTIFY_SOURCE has been enhanced to work with + clang.</li> + + <li><strong>Certificate Pinning.</strong> + Android 4.4 detects and prevents the use of fraudulent Google + certificates used in secure SSL/TLS communications.</li> + + <li><strong>Security Fixes.</strong> + Android 4.4 also includes fixes for Android-specific vulnerabilities. + Information about these vulnerabilities has been provided to Open + Handset Alliance members and fixes are available in Android Open Source + Project. To improve security, some devices with earlier versions of + Android may also include these fixes.</li> + +</ul> |