Android 5.0 Lollipop's sweet new security features

Google’s Android Lollipop is the fifth version of its tablet and smartphone operating system and it could very well find its way onto far more devices than any of its predecessors ever did. With the current trend in smart device proliferation through TVs, watches and even in-car entertainment systems not looking to abate any time soon, it better be secure. If you've recently upgraded to Lollipop 5.0 you might want to click here for some handy tips on running ExpressVPN more smoothly.

So what’s new and what’s good in lollipop?

From the perspective of an average user, the most important piece of news to accompany the release of Android 5.0 is the fact that the Adrian Ludwig, head of Google's Android mobile software security team, thinks that security on the device should be present but not heard, telling reporters recently that “I don't think it's realistic that the average person should care about security.” (We think he’s wrong and that everyone needs to have a degree of security awareness in order to better protect themselves from breaches of their security and privacy).

With Android holding around an 80% market share in the smartphone market it doesn’t appeal only to the technologically savvy segment and so Google, in an homage to Apple, have gone down the road of turning on key security features by default, thus leaving the average user to get on with using their device without worrying about whether they are safe or not.

Ludwig explained Google’s approach, saying “When it comes to security, we're not designing a single device, or millions of similar devices. We're building a service which helps users be secure despite the myriad of different ways that Android might come into play.”

As for the threats faced by Android users, there are many, but the biggest comes in the form of device theft and loss.

According to Consumer Reports, over 3 million Americans had their smart phones stolen last year, a rise of almost 100% compared with 2012. Mobile security company Lookout paint a similar picture, saying ten percent of all smartphones in the US have been stolen.

With that in mind, Google has come up with a few different ways of protecting devices and the data stored within them. This is achieved through the lock screen which can only be bypassed via facial recognition, PIN number or passcode, as well as device encryption and the ability to remotely wipe a lost or stolen device.

Of more interest is the Factory Reset Protection option which is the official name for what we know as the “kill switch.” When activated with the owner’s Google password, it will wipe all data from the phone and leave it totally inoperable.

Authorities are likely to welcome the kill switch, especially given that California law dictates that it has to be present on devices sold from 1 July 2015, but the on by default encryption (don’t forget the PIN code for your device if law enforcement asks for it) has already drawn collective gasps from the security services who we all know, love and trust not to use any tools at their disposal in order to spy upon us.

Other new security features are present too though and the most interesting by far is the implementation of guest accounts. Especially useful on devices that are used by more than one person, guest mode can allow other family members to enjoy using your device but without the added worry of later discovering that your settings have been accidentally changed, or a large bill has been incurred by a son or daughter who got carried away with in-app purchases in their favourite game.

Android Smart Lock is also a useful new addition that integrates Lollipop devices with Android Auto embedded systems and smartwatches. A user can set up their device with Smart Lock such that is will only be operable when within Bluetooth range of either their Android Auto system or smartwatch. This sounds like another great way of deterring thieves though I cannot help but wonder if it could lead to a leap in smartwatch theft.

Business owners looking for a more secure means of managing a Bring Your Own Device (BYOD) policy have not been overlooked by Lollipop either. By using containerisation, Android Work will present a seamless experience to the user while allowing IT staff to apply differing security policies to work and personal data and apps.

Also, app deployment will allow IT admins to specify which Google Play apps will be available for installation through the users’ work profile and distribution can easily be controlled by associating apps with particular individuals or groups. The ability to define policies will be applied to both apps as well as on a per user basis.

Overall it seems clear that Google is continuing to progress in the right direction with Android security and the decision to turn on certain features by default is the right one, given how a more security aware consumer base remains little more than an ideal for now.

The fact that the greatest risk an Android user can face is losing their device or having it stolen shows that people arguably remain the weakest link in the security chain and that technical controls are largely irrelevant when physical risks remain a key factor.