Google Details Android 5.0 Lollipop’s Major Security Improvements

Android’s newest update is coming soon, with devices running 5.0 Lollipop beginning to ship November 3. While the visual update might be the one that most users pay the most attention to, Android 5.0 also has a number of under-the-hood changes, including some major updates to the overall security of the platform. Google has put a lot of effort into addressing the biggest threats to Android user security, which are still overwhelmingly lost or stolen devices, and today the company is detailing a few of these efforts.

Lollipop adds some new lock methods that make it easier to keep your device secure, which is a huge boon to the overall integrity of the platform. The biggest roadblock to mobile device security is actually user apathy, which sees people skipping basic security practices like setting a lock screen PIN code because it’s inconvenient when you’re checking your device every few minutes. Lollipop offers Smart Lock to help address this, which uses paired devices to let you tell your device it’s okay to open up without requiring a password or other means of authentication.

The device-based Smart Lock has a similar motivation, and effect, to Apple’s Touch ID: Both serve to get around user reluctance to set up on-device security measures. Using Touch ID is easier than constantly typing in a password, and using Smart Lock offers the same kind of convenience. You can set it up using any NFC or Bluetooth-enabled device that has been paired with your Android 5.0 smartphone or tablet – provided they’ve actually paired, which isn’t always true of short-range wireless communication methods. The pairing requirement adds a layer of security, meaning your smartphone won’t unlock if you happen to be near an NFC terminal you’ve used for an in-store payment at some time in the past, for instance.

Face unlock is also redesigned here, and has been rebuilt to analyze a user’s image continually, as more of a background security process than a device unlocking mechanism.

“Rather than pretending to take a picture, and analyze it, it’s analyzing a user’s face on an ongoing basis,” explained Android security engineering lead Adrian Ludwig in a briefing call. “If a user’s opted in and is using this method, at the moment it detects that a user isn’t the one that it’s expecting, it locks. That’s very different from the previous model.”

Used with something like an Android Wear smartwatch, this means that your phone will be ready to use without a lock code whenever it’s on your person. Used with something like a smart TV, it means that you’ll be safe to bypass security measures only when you’re at home, where your device is unlikely to be pickpocketed or left behind. It’s a feature that offers a lot of initial convenience, and that also has tremendous potential for increased sophistication once Google begins iterating and tying it to other Lollipop features like Guest mode and the ability to offer multiple user accounts, and segregated work data buckets.

Security is also more robust by default, thanks to automatic whole-phone encryption for newly activated devices. In Lollipop, when you power on a new smartphone or tablet, it encrypts all data automatically, and creates a unique key that remains on the device to decrypt the data. Android introduced its encryption features three years ago, but now encryption is on by default on new devices, though anyone upgrading an older device will still have to go into settings to enable it, should they want that additional level of protection.

“The question we’re posing is not ‘does the feature exist,’” Ludwig said. “The question is ‘how do we make sure that [the feature] is available and as easy to use as possible.’” Ludwig says that a big barrier to users employing encryption previously has been that enabling it on an existing device could take hours depending on how much data was on the phone, whereas now that it’s enabled by default at the beginning of device setup, it takes no time at all.

The encryption key is also wrapped with your device unlock password and, on all Nexus devices and other new Android hardware that supports it, with a secure element located in the device hardware itself that isn’t accessible to the rest of the system.

Finally, Google is pointing to its use of Security Enhanced Linux (SELinux) to enable even further clarity around the isolation of individual apps. This really just means that users have to worry less about apps containing vulnerabilities that allow them to read info from other apps – basically it offers better visibility about how sandboxing works on the platform.

“Our goal with the security model of Android is that you should never have to care, honestly,” Ludwig explained. “I don’t think it’s realistic that the average person should think about security. That’s sort of the confidence level that we’re hoping for in Android, and SELinux gets us that much closer to it, where you don’t have to worry about security, you don’t have to spend time thinking about it.”

Ludwig says that their own research shows that actual risk to users from malware is “extraordinarily low,” with fewer than 1 in 1000 Android users ever affected by a malicious local software attack. Device theft and loss is what needs to be addressed as the top immediate threat, and that’s what many of these features focus on. Google is also now focusing more on network-level compromises, but in the near term Lollipop should do a lot to help reassure IT departments worried about absent-minded employees losing track of devices.