Google hasn’t provided Android 4.2 Jelly Bean only with entertainment features, but also with several security enhancements. This new update gives users the possibility to protect their smartphones while installing new applications.
Based on the description provided by developers, the security enhancements verify apps before they get installed on the smartphone to determine whether they contain malicious programs or not. Should the app turn out to be bad, the security update blocks the program, so the mobile device won’t get contaminated.
Moreover, Android 4.2 Jelly Bean notifies you whenever the app tries to send a SMS to a premium service that may require an additional charge. The smartphone will display a dialogue window asking you whether you want the SMS to be sent or blocked.
The VPN can be configured according to users’ preferences due to the new features that have been added to Android 4.2.2. The former will not have access to a network until a VPN connection is established. Applications that normally target API Level 17 will automatically be considered false because the ContentProvider reduces default attack surface for applications. This will also reduce potential attacks on root as the installed daemon does not run as a root user. Symlink related attacks are also prevented with the help of the O_NOFOLLOW semantics, whereas the implementation of FORTIFY-SOURCE will prevent memory corruption.
Among the many changes that developers have performed on the Jelly Bean operating system is also the use of OpenSSL that enables the implementation of SecureRandom and Cipher.RSA. WebKit, libpng, OpenSSL and LibXML open source libraries have also been secured with the help of the new updates provided on Android 4.2.2.
Fred Chung, Android Developer Relations team suggested a method for the use of the security updates. In his opinion, generating a random AES key during the first launch and saving it in the internal storage is the most recommended approach that smartphone owners should use. Another useful security feature is the secure USB debugging, which allows only authorized host computers to access the USB device that has been connected to the phone.