We've got an LG Nexus system dump and endless desire to spoil every Googley surprise we can. Today's edition of the Android 4.2 Teardown could be alternatively subtitled "The Super-Serious Security Edition," because we're talking about the sort of stuff that should make your sysadmin jump for joy.

Please keep in mind this is just as forward-facing and time-ambiguous as all my other teardowns. This is a list of new stuff in the 4.2 dump, not a list of "confirmed for 4.2" features. Anything could be cut or not fully implemented by the time 4.2 rolls around; similarly to how bits of Android are currently multi-user aware, yet multi-user functionality isn't accessible. Some of this stuff may make it to 4.2, but probably not all of it. Got it? Good.

Now, get ready for a HUGE security push. I recently revealed the Play Store was getting "App Check," a client-side malware scanner, and Google already has "Bouncer" a server-side malware scanner, but they aren't stopping there.



Image credit: Centos.org

Security-Enhanced Linux is a set of kernel add-ons and user-space tools first started by the NSA that brings mandatory access control to Linux, which basically means user programs and system servers only run with the minimum amount of privileges they need to function. Unmodified Linux uses discretionary access control. Users can grant high levels of access to files they own, and malicious software can do anything it wants with the files and controls the user has access to. If you run that malicious app with root privileges, it now has access to everything.

In SELinux, there is no concept of a root user. Security policy is defined by an Administrator and applied to every process and object, and nothing can override it. This means the potential damage a malicious program can cause is minimal. Basically, SELinux is serious lockdown-mode for the hyper-secure enterprise crowd.

So, now that we have a rough idea of what SELinux is, maybe this set of strings will mean something to you:

<string name="selinux_status">SELinux status</string>
<string name="selinux_status_disabled">Disabled</string>
<string name="selinux_status_permissive">Permissive</string>
<string name="selinux_status_enforcing">Enforcing</string>

This was buried in the Settings APK. According to the layout xml, SELinux will have a status readout tacked-on to the current About Phone screen. It will now list "SELinux Status" at the very bottom, right under "Kernel version" and "Build Number." If you're wondering why there are 3 options and not just "on" and "off," "Permissive" is a logging mode, which will tell you when it would have blocked something, but won't actually block things.

The other key piece of information to get from the string file is that this is an optional mode, don't go around saying that Google is shutting down root functionality or anything. This is for security conscious enterprise and government-types and probably won't be enabled on consumer phones.

Always-On VPN


Image Credit: How Stuff Works

A VPN (Virtual Private Network) provides all sorts of benefits, depending on how you set it up. You can use it to beat government or corporate site filtering, access a remote computer, surf anonymously, or just to encrypt all your web traffic.

Right now, you can tell Android to funnel all your data through a VPN, and it will, but if you restart your phone, or if the VPN server ends your session, suddenly all your data will start beaming out over the regular internet. There's no way to say "only send data while connected to a VPN," until now.

<string name="vpn_menu_lockdown">Always-on VPN</string>
<string name="vpn_lockdown_summary">Select a VPN profile to always remain connected to. Network traffic will only be allowed when connected to this VPN.</string>
<string name="vpn_lockdown_none">None</string>
<string name="vpn_lockdown_config_error">Always-on VPN requires an IP address for both server and

The strings are pretty self-explanatory. VPN Lockdown will only allow your data to travel over the VPN. No VPN? No internet. There's a subset of VPN users that probably consider VPN functionality useless without this feature. They'll be happy.

Premium SMS Confirmation

A big incentive for the bad guys to write Android malware is that you can quickly and silently charge money directly to a phone bill with premium SMSs. That's a tempting target, so making it harder for malware writers to get paid would go a long way towards slowing down a virus-filled mobile future.

Google seems to want to do just that, I found these strings in the framework code:

<string name="sms_short_code_confirm_title">Send SMS to short code?</string>
<string name="sms_premium_short_code_confirm_title">Send premium SMS?</string>
<string name="sms_short_code_confirm_message">&lt;b>%1$s&lt;/b> would like to send a text message to &lt;b>%2$s&lt;/b>, which appears to be an SMS short code.&lt;p>Sending text messages to some short codes may cause your mobile account to be billed for premium services.&lt;p>Do you want to allow this app to send the message?</string>
<string name="sms_premium_short_code_confirm_message">&lt;b>%1$s&lt;/b> would like to send a text message to &lt;b>%2$s&lt;/b>, which is a premium SMS short code.&lt;p>&lt;b>Sending a message to this destination will cause your mobile account to be billed for premium services.&lt;/b>&lt;p>Do you want to allow this app to send the message?</string>
<string name="sms_short_code_confirm_allow">Send message</string>
<string name="sms_short_code_confirm_deny">"Don't send"</string>
<string name="sms_short_code_confirm_report">Report malicious app</string>

If you're having a hard time reading through the programming junk, the main message says " would like to send a text message to [number], which is a premium SMS short code. Sending a message to this destination will cause your mobile account to be billed for premium services. Do you want to allow this app to send the message?" It's a nice, clear message that will pop up whenever an app tries to send a text to a short code. You're then allowed three options, "Send message," "Don't send," and "Report malicious app."

Here's the data for it. They basically just have a giant list of premium shortcodes for each country. If you send to a shortcode that isn't in this database, Android will still warn you that this is a shortcode, and that "Sending text messages to some short codes may cause your mobile account to be billed for premium services."

This sounds like it will stop phone billing malware in their tracks, and instant, easy reporting will go a long way too.

We'll be back with more! Next time we've got a sneak peek at the new, work-in-progress Gallery design, and some other stuff. Stay tuned!