Google strengthens Android security muscle with SELinux protection | Ars Technica
Kiran Kuppa on 25 Jul 13

The other big security enhancement introduced in Android 4.3 is a more robust way to store cryptographic credentials used to access sensitive information and resources. This means changes to the Android KeyChain, which stores digital certificates used to access Wi-Fi networks and virtual private networks used by large corporations and government agencies. With the keychain enhancements, the system-wide keys are bound to a hardware-based root of trust process devices that support this.

The phone needs to have a secure element such as a Trusted Platform Module so that private keys can't be stolen even if the phone is rooted and the attacker has full access to the operating system. Phones that don't have this hardware capability will fall back to software protections for securing credentials.

Enhancements to the Android Keystore, a similar resource that also stores credentials, allow users to create keys that can be accessed and used exclusively by a single application. Under version 4.3, "apps can create or store private keys that cannot be seen or used by other apps and can be added to the keystore without any user interaction."

A third enhancement is Android's ability to create secondary user profiles that implement fine-grained restrictions.