Google has released version 4.4 of Android, dubbed KitKat. Between the improvements, some have noticed several security-related changes, which Kaspersky Lab has analysed.
‚”There is definitely some improvement with this new version, especially with regards to security. One of the biggest upgrades within Android 4.4 is that it will warn a user if a Certificate Authority (CA) is added to the device, making it easier to identify Man-in-the-Middle attacks inside a user’s network, explains Stefan Tanase, security expert at Kaspersky Lab. Google Certificate Pinning makes it harder for complicated attackers to intercept network traffic to and from Google services, by ensuring only whitelisted SSL certificates can connect to certain Google domains.‚”
Furthermore Android 4.4 is enforced by another barrier against exploits gaining rooting access. SELinux is now running in enforcing mode, instead of permissive mode. It makes buffer overflow exploits harder to implement.
From the point of view of malware threats, these enhancements do not really make a big difference. The most common Android infection source remains the same: unofficial apps downloaded from third-party stores. Thus the most important change from Android 2.3 is the lowered recourse usage. Users can look forward to Android 4.4 running on devices with just 512MB of RAM, which, for high end hardware means faster operation and much better battery life.
One of the biggest problems in the Android ecosystem is the amount of different versions of the OS, including ancient ones that are still running on users’ mobile devices. Tanase states that more than 25% of users are still running on Android 2.3*, which represents a big security issue. According to Kaspersky Lab experts, power users have always wanted to use the latest versions of Android on their devices – that’s why phone rooting has become so popular.