Over the years, Android has been labeled by many as the most vulnerable of the mobile operating systems. has worked hard to remove this unfortunate stigma with every new version of Android, but it’s with Android llipop (5.0) that the company is attempting to showcase its improved security features with great fanfare, beginning with a blogpost published Tuesday by one of Android’s lead security engineers.
The post got us wondering: how safe is the new version of Android will the new security features really make a difference in the way users perceive it? talked to Roberts, editor of The Security dger about what Android’s real threats are whether llipop’s new security features will actually help squash the operating system’s unsavory reputation.
Actually, Android has always been secure
In the blogpost, highlighted three particular newish security features in Android 5.0: the ability to unlock a phone with Bluetooth pairing or NFC, default out-of-the-box encryption, better Security Enhanced nux (SEnux) to help keep malicious apps from tearing away at everything else. The kicker is that most of these features have already been available in some capacity. For instance, the first iteration of SEnux shipped with Android in 4.2.2, while encryption was always there (it was just opt-in).
“I think Android in general is a pretty secure operating system, in some sense always has been,” said Roberts. The problem is that users weren’t taking advantage of existing security features because they weren’t easy to implement. It’s an issue with most mobile companies, however.
“The key, we saw with Apple’s Touch ID, is that it has to be pretty reliable seamless,” said Roberts, though he admitted that even Apple’s hardware solution still isn’t all that intuitive. “I have an ione 5S, I use it with a case… TouchID is not really that reliable with the case. It works probably 60 percent of the time, but 60 percent of the time is poor enough that I never want to use it.” Roberts stressed that users will only take advantage of new security features that work “quickly more or less 100 percent of the time. If it falls short of that, people will not use it.”
‘s aim is to make security features in Android llipop a bit easier by enabling encryption by default on new devices providing an easier way to unlock phones, but it will only be successful if its implementation is fast easy.
Android’s real threat is still fragmentation
ile the implementation of better application sboxing forced encryption in Android 5.0 makes Android safer than ever, there are still other threats that aren’t being addressed directly. “Most of the threats of the Android OS are not compromises of the core operating system, they’re just malicious apps that people installed thinking they’re legitimate apps,” said Roberts.
The other issue is the strikingly large percentage of users running older, outdated versions of Android that aren’t equipped with any new or updated security features. It’s a byproduct of the fact that has essentially created an environment within the Android ecosystem that is very centralized. “ile llipop will be more secure than versions that came before it…there’s no way for to force existing Android device users to adopt llipop,” said Roberts. “That job really falls to both the hset makers the carriers selling the phone. It’s very unlikely that any of them will proactively update existing devices from earlier Android versions to llipop.”
If really wanted to improve the overall Android experience, it would help those users left behind get up to speed—or at least rein in the carriers manufacturers who are delayed in doing so. oviding new security features only to new phone buyers upgrading phones bought in the last year isn’t going to cut it.
Better to have some protection than none at all
’s built-in features will at least protect users from what they can’t immediately control, things like application sboxing will actually make a real difference in terms of malware data theft.
Overall, Roberts hammered home the idea that the security features built into Android llipop are more than just window dressing—they’re real substantive, as people migrate to devices that run llipop the dialogue on Android security will likely change. “This is all part of the post-Snowden world,” he said. “Users want to keep their data safe from prying eyes this latest version if all about trying to make that as seamless as possible.”
Android llipop’s new souped-up security features will hopefully shift the conversation to how much safer the operating system is now compared to its humble beginnings, but it will only be successful if users are making use of the new security add-ons. If they’re annoying to use, why bother?