Android P, the next generation of Google's operating system, may not be due for release until sometime later this year - but that doesn't mean we don't already know some of the features it has in store for us. That's because the Android P is now available as a developer preview. That means this first preview of Android P is intended for developers only, not for regular consumers. It's very much a precursor to an official public beta and ultimate rollout of the real thing to the wider world later in 2018. As you would expect, a new version of the Android operating system will see a host of new features - but we're most interested in are improvements to users' security and privacy. Security and privacy are important issues for the Android operating system, for the simple reason that they are key motivations for many users and companies to purchase iOS devices instead. So, let's take a quick look at the new security and privacy features that Android P includes:
A standard system dialog for requesting fingerprint authentication
Android P promises to deliver a standardised look, feel, and placement for the dialog that requests a fingerprint, increasing user confidence that they are interacting with a trusted fingerprint checker. App developers can trigger the new system fingerprint dialog using a new API, and are recommended to switch over to the new system dialog as soon as possible.
Cleartext is dead. Long live encryption
Everyone who cares about privacy agrees that unencrypted internet communications are a bad idea, so Android P sees Google pushing hard for apps to move their network traffic away from unencrypted HTTP to HTTPS. As I've explained in the past, it's easy to focus on the respective strengths and weaknesses of the iOS and Android operating systems, without recognising that the real challenges come with the third-party apps. Presently too many apps are still transmitting users' information unencrypted, making personal data all too easy for hackers sniffing public Wi-Fi hotspots to grab. By changing Android's network security configuration to block all cleartext traffic by default, Google is making an important step to better defend users. If you want to ignore the advice of security professionals and continue to send information in cleartext to a specific domain they will have to explicitly opt-in for specific domains.
Harder for apps to secretly spy on you
With Android P, any app that idle in the background will be restricted from accessing your smartphone's microphone, camera and other sensors. Instead the microphone will report empty audio to the app, cameras will be disconnected (and cause an error if the app tries to use them), and all sensors will stop reporting events.
Backups encrypted with a local secret key
Before a backup of your smartphone is sent to Google's server for backup, Android P will ensure that your backup is encrypted on n your device using a local secret key (in other words - not saved on Google's server). Whether Android P will end up more secure than the latest version of iOS is open to debate, but anyone who cares about protecting sensitive information will welcome Google showing a higher level of focus in this area. Maybe, just maybe, the "P" in Android P might stand for "privacy". Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
