Yet another facet of KitKat worth pointing out today is the addition of new security enhancements to the OS. Security is one area that's frequently sensationalized with Android - it seems that every few days a scare story about Android malware creeps onto my Google News page. Google's eliminating security arguments (and possible arguments) one at a time, though, and has made a few key enhancements this time around.

First among them is a change to SELinux. For those not up to speed, SELinux - introduced in Android 4.2 - is essentially a set of kernel add-ons and tools that restricts each piece of software to the bare minimum set of privileges it requires to function properly, and minimizes the damage a malicious program can do by tightly controlling security policy. Previously, SELinux operated in "permissive" mode in Android, where policy violations are logged but not blocked. In 4.4 it has been switched to "enforcing" mode, where violations are denied, meaning essentially that even if a piece of malware successfully intrudes, it won't be able to disable SELinux and do whatever it wants, even - theoretically - if it has administrative access.

Android 4.4 KitKat also mixes in improved cryptographic algorithms, adding support for the Elliptic Curve Digital Signature Algorithm (ECDSA) to improve security for digital signing, and implementing the scrypt key derivation function to protect the keys used for full-disk encryption.

Finally, KitKat applies VPNs per user, meaning each user can route traffic through a separate VPN without affecting other users on the device. FORTIFY_SOURCE level 2, a directive that detects buffer overflows in an effort to enhance memory safety, is also supported in 4.4. For Google's own list of enhancements, and more developer-facing changes, hit the link below.

Source: Android Developers