Over the years, Google has been shoring up security on Android in a bid to make the operating system more attractive to governments and businesses, and to reduce the threat of malware for regular users. Unfortunately, these changes often come at the expense of flexibility in our beloved platform. As we close in on the next major release of Android, due to be announced next month, SuperSU developer Chainfire has discovered a set of commits to the Android Open Source Project (AOSP) that may seriously impact some of the functionality currently enjoyed by many root users.
It's hard to be Sprint these days. Its LTE rollout is lagging way behind the competition, it's losing subscribers and cash fast, and everyone is making fun of its "Framily" plans. That's too bad, but Sprint isn't going to get back in our good graces by charging money for things we already have or don't need in the first place. That's just what it's doing with the new Total Equipment Protection (TEP) Plus plan.
Google's previously announced enhancement to the Verify Apps framework is rolling out to users now, according to the official Android blog. Your device already has the standard Verify Apps system built-in that scans at the time of installation, but the new version will be watching all the time for suspicious activity.
Verify Apps compares each app you install with known malware signatures, but there's always a possibility you are downloading a form of malware that hasn't been identified yet.
Google has updated its Play Store developer policy with some tweaked language and a few new sections. As usual, Google is making changes to address worrying trends it is seeing in apps. Developers whose apps are not in line with the new policy risk getting booted from the store. Perhaps the most interesting alteration is a new section outlining unacceptable app promotion techniques.
Android malware isn't as big of a concern as some mainstream media reports would have you believe, but it is enough of an issue that Google started beefing up its security a few years ago. There's the "Bouncer" server-side scanning that checks apps before they go live, and your device runs app verification as new packages are installed. Now Google is about to patch a hole in the local app scanning by making it run continuously.
Samsung has announced a slew of improvements to its KNOX enterprise security product at this year's Mobile World Congress. For starters, users can now manage two separate secure containers per device, ideal for consultants with multiple clients or people who just want to better separate work data from personal files.
The total list of changes goes much deeper.
- Two separate secure containers per device, for example, for consultants who work for several companies or doctors who work for several clinics.
Lenovo isn't really known for putting out the best Android tablets on the market, and last year's lackluster YOGA tablets are a perfect example of that. The design seemed nice, but both the eight and 10 inch versions of the device were simply lacking in the spec department. Lenovo is looking to change that stance this year with the all new YOGA Tablet 10 HD+, which takes what worked with the original's form factor and stuffs it full of mostly decent hardware.
Even casual observers of the Android ecosystem know that piracy is a big issue for developers. But if a report from mobile security company Arxan is to be believed, app piracy and "hacking" is incredibly prevalent, or at least prevalent enough that most of the popular apps are available in a pirated or cracked form. According to the company's "State of Security in the App Economy" report for 2013 (PDF link), the top 100 paid Android apps have been "hacked."
We used "cracked" in the headline because Arxan doesn't mention the purpose behind these hacks, so we're assuming that in most cases they're free, pirated versions of paid apps.
Yet another facet of KitKat worth pointing out today is the addition of new security enhancements to the OS. Security is one area that's frequently sensationalized with Android - it seems that every few days a scare story about Android malware creeps onto my Google News page. Google's eliminating security arguments (and possible arguments) one at a time, though, and has made a few key enhancements this time around.
First among them is a change to SELinux.