During an hour-long Hangouts web chat for the media and select IT professionals, Google today provided a glimpse of some of the new security features in its upcoming mobile OS, Android 7.0 "Nougat," which should be available on Google Nexus devices "in a few weeks," according to the company.
The online briefing wasn't meant to be exhaustive. Instead, it provided a top-level look at a set of new security and management tools in Android Nougat and Android for Work. Here's a breakdown of some of the most notable security improvements in Nougat, for Android users and IT administrators.
Android Nougat 7.0 platform-security enhancements
1. Direct boot and stronger encryption
Android Nougat users who encrypt their phones will no longer have to enter a security code after a reboot and then wait for their devices to restart in order to use core native features. Google apps including the phone and alarm will work on encrypted phones after a reboot, but the passcode will be required to access data using those apps, such as a phone contact list.
New file-based encryption works at a more granular level to better isolate users and profiles in Android. And hardware-backed encryption keys are required for all new Android phones that run Nougat.
2. Stronger MediaServer and platform hardening
Google caught a lot of flack related to flaws in its Android MediaServer components that enabled the Stagefright attacks earlier this year, and it says it strengthened the MediaServer in many ways. For example, Android 7.0 Nougat gives attackers who might breach MediaServer access to fewer permissions, according to Google.
Android Nougat also requires that all devices support verified boot, so corrupt phones or tablets won't start at all, or will only grant access to "safe" apps and services after they start, Google says.
3. App security and abuse prevention
Apps on previous Android versions used to be able to share user-granted permissions with other apps much more easily, according to Google. In Nougat, the company cracked down on permission sharing between apps. And apps with device admin permissions in Android Nougat can no longer prevent users from uninstalling them or change users' PIN, passwords or codes to lock them out of their devices.
4. 'Seamless' Android updates
When Nougat software updates are available for new phones, users can choose to download and install them in a separate on-device partition, so they don't need to stop using their phones or tablets during the process. The next time they reboot their phones, the new software will auto-install much more quickly than in the past, according to the company. Unfortunately, only new phones optimized for Nougat will have access to this feature.
Sign up for CIO Asia eNewsletters.