Android 14 will shield mobile users against malware

There is no doubt that an open mobile operating system, such as Android, has its advantages, but it also presents significant security challenges and should be considered as an attack surface when deployed as an asset in an organisation.

For its part, Google has decided to make it harder than ever for cybercriminals with Android 14, deploying built-in security features as standard (some carried over from previous versions) to shield mobile users from malware. While still only in beta, we can already talk about some of these features and what they will mean for businesses.

Last February, the first developer version of Android 14 landed. The successor to Android 13 can already be installed on some phones, such as the Google Pixel, but it is still in the preliminary stage.

As can be expected, all manufacturers are already working to make the new operating system available to users. However, during the announcement of Android 14, the first handsets to be equipped with the new version were made known. In addition to the Google Pixel, other manufacturers such as OnePlus, OPPO, Vivo and Xiaomi already have the beta version, and they are already on the market or will be appearing soon.

In May, at Google I/O 2023, an official event held in California, Google's CEO presented the main features of the new version to everyone. As expected, security is the highlight.

The fact that Android is an open system has many advantages, but it also entails a huge cybersecurity risk. For example, just a few weeks ago, dangerous malware was discovered in 60 Android apps with millions of downloads. Recent, yes. Surprising, no, as is usual. From time to time we hear about fraudulent apps that threaten individuals and businesses alike.

That is why Google has decided to make it harder than ever for cybercriminals with Android 14, deploying built-in security features as standard (some carried over from previous versions) to shield mobile users from malware.

Android Enterprise is an Android version that includes device management tools. Android 13 included decisive improvements such as the separation of personal and work data. Companies can take advantage of these tools to manage and control of work devices. The system also offers productivity tools for work profiles, such as smart dictation (on a Google Pixel) or the use of NFC. On the security front, the most interesting new feature in version 13 is that employees can manage security and privacy settings and view the company policies that are being applied to their device.

In Android 14, organisations will be able to assign SIM cards specific to the device's work profile. This functionality covers use cases where organisations provide employees with a device and SIM for work and allow personal use on another SIM, which adds an extra layer of security not only in terms of functionality for the user, but also for personal data protection purposes.

We see, therefore, that many of the improvements in Android are not primarily aimed at security, but rather serve to reinforce the company's general policy in this area.

Below are some of the most salient security improvements and developments:

1. Advanced Memory Protection. 
   Recently, Android expert Mishaal Rahman discovered an important provision called Advanced Memory Protection, which uses the memory tag extension (MTE) to protect against memory security errors. The absence of this protection can cause malicious applications to write beyond their allocated memory region to alter the app's behaviour and embed malware on the device. Android 14 already incorporates this protection as standard, and although it is currently only available for ARMv9 (the only architecture with MTE support), it is expected that eventually all CPUs will be manufactured with this technology.
2. Enhanced PIN Privacy. 
   Android 14 will allow users to remove animation on the lock screen, meaning characters will no longer animate when tapped. This will make the characters in the PIN or password almost impossible to recognise. In addition, the character limitation has also been removed when entering the password. Thus, for example, even if the user has a PIN containing only 4 digits, they can enter as many digits as they want without the system alerting them.
3. New credentials manager (Passkey). 
   Android 14 puts all user accounts in one place, making it possible to log in without passwords. and they will also not have to be entered when accessing a particular account because they will be entered using the new "Passkey" feature, which links the different passwords with biometric identification methods such as the fingerprint reader or facial recognition.
4. Changes in exact alarm permissions. 
   SCHEDULE_EXACT_ALARM was introduced in Android 12 to allow apps to schedule exact alarms for notifications or actions that need to be performed at a precise time, as well as allow them to launch foreground processes even when they are in the background. Android 14 will no longer pre-grant this permission, but rather: it will be inactive by default.
5. Selection of visible files for the app. 
   By having the app use Android's new photo selector (introduced with Android 13), Android 14 will give users the option to allow applications full or partial access to images or videos stored on the device, or block access completely.
6. Blocking installation of old apps. 
   Simple, but effective: Android 14 will block the installation of old apps. Until now, users had the option of downloading software from APK files. With the upcoming Android 14, this will no longer be possible. While it will now be up to application developers to keep their applications up to date, it presents a major blow to hackers' operations
7. Information on location sharing parameters. 
   Android 14 increases the number of points where the system displays the information stated in the Play Console form, which is currently only viewable from Google Play. With the new version, the runtime dialogue will include a section that highlights the application's shared usage parameters. If the user shares their location, and if their application then expands its sharing practices, the user will see a system notification showing the applications that have changed their data sharing settings, along with the option to modify the settings for each application individually.
8. Full deletion of accounts and personal data. 
   This option is already offered by some apps (normally a cumbersome process), but from Android 14 onwards, it will be mandatory for all apps. This allows any user to delete all their personal data. Applications will need to be transparent about how they handle information. In addition, Google now requires developers to allow deletion via an external website. However, the company will give them sufficient time (until the beginning of 2024) to adapt to the regulations. For apps that require more time to meet the guidelines, they can apply for an extension until 31 May 2023.
9. Artificial intelligence. 
   One of Google's most recent announcements has to do directly with security and is based on artificial intelligence. At the beginning of June, Google presented Secure AI Framework (SAFI), a conceptual framework for the development of AI-based security mechanisms to detect and respond to cyber incidents, as well as extend threat intelligence and other capabilities. In fact, SAIF also includes the need to create systems to protect the AI systems themselves (e.g., against theft of models, poisoning of training data, etc.). Although it is in its infancy, it is also true that this "conceptual framework" represents a statement of intent. AI can improve the scale and speed of security incident response, and Google knows it.
10. New "Health Connect" option. 
    Although it is not an active security provision, Android 14 will add a new option called "Health Connect" in the "Security and Privacy" menu. This function allows you to connect health-related devices (blood pressure monitors, glucose meters, etc.) to your Android device and securely manage user data.

If you want to know more about Android in the company and about its new security and privacy features, contact us and to find the best solutions for your business'specific needs.