The upcoming version of Google's Android operating system offers several enhancements designed to strengthen handset security, particularly in businesses and other large organizations. Ars will be giving the just-unveiled version 4.3 a thorough review in the coming days. In the meantime, here's a quick rundown of the security improvements.
The most significant change is the addition of a security extension known as SELinux—short for Security-Enhanced Linux—to reinforce Android's current hack-mitigation model. Since Android's debut, apps have run inside a "sandbox" that restricts the data they can access and isolates code they can execute from other apps and the operating system as a whole. Built on a traditional Unix scheme known as discretionary access control, Android sandboxing prevents the pilfering of sensitive passwords by a rogue app a user has been tricked into installing or by a legitimate app that has been commandeered by a hacker.
Originally developed by programmers from the National Security Agency, SELinux enforces a much finer-grained series of mandatory access control policies. Among other things, SELinux allows varying levels of trust to each app and dictates what kind of data an app can access inside its confined domain.