Android’s security was a real issue in the early iterations of the mobile platform but, as the build numbers grew, Google managed to create a more secure environment that now suits the needs of business.
However, Android is not secure enough when it comes to the needs of the NSA, which decided to release its first “security enhanced” version of Android. The custom build is available for anyone to download and use in the creation of a custom ROM, bringing Android security to the next level.
For the more thechnical among you, here’s what the Security Enhanced Android brings:
– Per-file security labeling support for yaffs2,
– Filesystem images (yaffs2 and ext4) labeled at build time,
– Kernel permission checks controlling Binder IPC,
– Labeling of service sockets and socket files created by init,
– Labeling of device nodes created by ueventd,
– Flexible, configurable labeling of apps and app data directories,
– Userspace permission checks controlling use of the Zygote socket commands,
– Minimal port of SELinux userspace,
– SELinux support for the Android toolbox,
– Small TE policy written from scratch for Android,
– Confined domains for system services and apps,
– Use of MLS categories to isolate apps.