Security Focus in Android 4.2 Release

Wednesday, November 7, 2012 @ 04:11 PM gHale

New security features end up featured in the new Android 4.2 release.

In addition to adding new multi-user capabilities and a panorama feature, the upcoming Android 4.2 release will introduce new security features which, Google has been quiet about.

There are two new security features in the latest version of the mobile operating system – a reputation service for apps and a system to protect users from expensive premium rate texts, said Hiroshi Lockheimer, vice president of Android Engineering at Google.

Android Smishing Vulnerability
Risk Mgt: Android Apps Show Threat
Free Android Apps can Take Control
Be Wary of Google Play Apps

Version 4.2 of Android includes what is essentially cloud-based anti-virus software, which warns against known malicious files on request. If the user selects the “Verify apps” option prior to installing an app from a source other than the official Play Store, Android will check a signature of the APK installation file with a Google server. If the server classes the signature as belonging to “dangerous malware”, it will block installation. If the app is safe, the installation will proceed unimpeded. There is also an intermediate stage for apps that have “raised red flags” and classify as suspicious but show no definite evidence of harm; in these cases, users will get a warning of the risks and then will choose if they want to install the app.

Google collects information on the intent of apps primarily through its Play Store infrastructure. To weed out malicious apps, Google runs all accepted apps into the official download catalogue on its Bouncer anti-malware system. As a result, the company now has a database of more than 700,000 apps and their behavior. Lockheimer said Google also scans .apk installation files on the web.

Android 4.2 will also warn the user before sending a premium rate SMS message. Premium rate texts are currently the most lucrative fraud technique for malware apps.

Leave a Reply

You must be logged in to post a comment.