New Security Enhancements in Android 4.2

Android 4.2 (Jelly Bean) introduces numerous new features and security enhancements that help developers work in a secure environment and make app development faster and easier. It has also revitalized the camera app, typing gestures, messaging, texting and more. Here I describe the new security features in the Jelly Bean update, which make applications more secure and manageable.

Default content provider access has changed in the latest update. Content providers facilitate data sharing between apps and system components. A provider grants components the minimal access they need to carry out their tasks; that is, content provider access implements the principle of least privilege. Access to content providers is controlled through a combination of the exported attribute and application-specific permissions. Because the exported attribute is optional, leaving it undeclared creates ambiguity. In the 4.2 update, providers are not exported by default, which prevents unintended sharing of data when the attribute is not declared.

Android 4.2 includes a new default implementation of SecureRandom, which is based on OpenSSL. The change to this new implementation should be transparent to Android applications, but an app that uses SecureRandom to generate encryption data such as keys should be modified or should look for other means.

JavaScript hosted in a WebView can directly call methods in an app through a JavaScript interface; hence any untrusted content hosted there can use reflection to resolve the methods in the interface object and make use of that code. Developers now have to explicitly annotate public methods with @JavascriptInterface to make them accessible from hosted JavaScript. This takes effect only if the application's minSdkVersion or targetSdkVersion is set to 17 or higher.

Android 4.2 has also introduced a new way to protect the applications and data on compatible devices. The secure USB debugging feature ensures that only computers authorized by the user can access the contents of a USB-connected device using the ADB tool in the SDK. Secure debugging is an extension of the ADB protocol that requires hosts to authenticate before accessing any ADB services or commands. ADB initially generates an RSA key pair to identify the host. Access can be allowed for a single session or granted automatically for all future sessions. As long as the device is not authorized, it stays offline.

Along with this update, Google will also be releasing its next Android version, 5.0, between April and June of this year. This update may be called 'Key Lime Pie'. Google announced that its next developer conference will take place from May 15 to May 17, 2013, where it might introduce new Android applications for version 5.0.

These new versions open up new possibilities for Android mobile application developers to secure their applications and to adopt new development methods. Developers need to update their SDK environment to include ADB version 1.0.31; if a device appears to be in the "offline" state, they might have to update ADB.
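The content provider default described above can be checked mechanically before release. The script below is an added example, not code from the original article: the sample manifest, the function name audit_providers and the finding strings are constructed for illustration, and it assumes the new default applies when minSdkVersion or targetSdkVersion is 17 or higher.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration (not from a real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.notes">
  <uses-sdk android:minSdkVersion="10" android:targetSdkVersion="16"/>
  <application>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"/>
    <provider android:name=".CacheProvider" android:authorities="com.example.cache"
        android:exported="false"/>
    <provider android:name=".ShareProvider" android:authorities="com.example.share"
        android:exported="true" android:readPermission="com.example.READ"/>
    <provider android:name=".OpenProvider" android:authorities="com.example.open"
        android:exported="true"/>
  </application>
</manifest>"""

def audit_providers(manifest_xml):
    """Map each <provider> name to a finding about its effective export state."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    levels = [1]  # minSdkVersion defaults to 1 when undeclared
    if sdk is not None:
        levels += [int(sdk.get(ANDROID + a, "1"))
                   for a in ("minSdkVersion", "targetSdkVersion")]
    # Assumption: "not exported" is the default only when min or target SDK >= 17.
    default_exported = max(levels) < 17
    findings = {}
    for p in root.iter("provider"):
        declared = p.get(ANDROID + "exported")
        exported = default_exported if declared is None else declared == "true"
        guarded = any(p.get(ANDROID + a) for a in
                      ("permission", "readPermission", "writePermission"))
        if declared is None and exported:
            finding = "implicitly exported (pre-4.2 default)"
        elif declared is None:
            finding = "implicit default: not exported"
        elif exported and not guarded:
            finding = "exported without permission"
        elif exported:
            finding = "exported, permission required"
        else:
            finding = "not exported"
        findings[p.get(ANDROID + "name")] = finding
    return findings

if __name__ == "__main__":
    for name, finding in audit_providers(SAMPLE).items():
        print(f"{name}: {finding}")
```

Declaring android:exported explicitly on every provider removes the dependence on SDK level that the first finding highlights.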
