Android 5.0 Lollipop isn’t just a pretty face: it’s pretty serious about security too. From intruder detection to secure sandboxing, version 5.0 is the toughest Android yet and includes new features like device recognition, Trusted Locations and ''on-body detection'' as well. Here’s what’s new and why Android 5.0 makes your device better.
It’s quiz time: what’s the biggest threat to your Android device? If you said hackers, malware, villains or midgets you’d be wrong, because the answer is you. Far too many of us don’t bother with even simple security procedures because they’re too much of a pain in the neck - and that’s something Android 5.0 Lollipop is designed to address.
Smart Lock security
Screen locking is one of the simplest ways to secure a phone or tablet, but as Google points out, many people don’t use it “because it takes too long to unlock, dozens of times per day”. Its solution, which is baked into Android 5.0, is a smarter locking system.
You can pair it with compatible Bluetooth or NFC devices so the phone doesn’t lock when you’re holding it with your Android Wear smartwatch or when it’s paired with your car, or you can take advantage of the revised facial analysis, now called Trusted Face, which can detect when the user isn’t you and refuse to unlock your device. You can also set Trusted Places like your home or office so you don't need to unlock your phone in those locations.
A new Smart Lock security feature has arrived called ''on-body detection,'' whereby your phone asks to be unlocked once and won't lock again until you set it down. If you continue to hold your phone or put in in your pocket or purse you won't need to unlock it again the next time you hit that power button. The system works with the accelerometer in your phone to know when it's on your person. You need to have Google Play Services v7.0.97 or above or you'll see an experimental option called Trusted Behavior instead. Here it is in action:
Kevlar around the core
Two of the most important security features in Android 5.0 Lollipop are invisible to everyday users. Device encryption, previously available as an option, is now on by default, so your data is protected from the moment you first switch on your brand new or upgraded Android 5.0 device.
There’s also mandatory SELinux Enforcing Mode for all apps on all devices. SELinux first appeared on Android KitKat, and it prevents applications from getting into parts of the system or device that they aren’t supposed to. Making it mandatory for everything makes Android significantly less exposed to malware.
Automatic updates and the kill switch
For some time now Google has been moving essential updates out of the main Android package and into Google Play Services, which enables Google to update crucial components without having to persuade manufacturers to issue a brand new Android version.
That continues in Android 5.0, this time with the WebView component moving to Play Services. WebView is the component app developers use to display web content inside their apps, so the ability to patch it frequently is a good thing.
Android 5.0 Lollipop also gains a “kill switch” in the form of Factory Reset Protection. This requires your Google ID and password before anybody can reset the device, and it makes it much more difficult for a lost or stolen phone to be wiped by baddies. That’s the good news; the bad news is that you have to specifically enable it. As before, you can also use Android Device Manager to locate, reset or erase your device if it goes missing.
The school of hard Knox
Android 5.0 Lollipop features something Samsung cooked up: Knox, Samsung’s attempt to make Android more appealing to enterprise customers. Google has taken three sets of APIs from Knox and put them into Android: there are APIs for device and data security, APIs for IT admins’ policies and restrictions, and APIs for remote application deployment. Samsung has created a Knox compatibility library to make it easy for Knox developers to make their apps work happily on Lollipop too.
Phones get guest accounts too
The multiple account support we like so much on tablets makes its way to Android smartphones in Android 5.0, and it’s well worth having. There are three kinds of user accounts: guest mode, which is rather like Chrome’s Incognito mode but for the entire phone, with the option to start from scratch each time; profile accounts, which you can use to prevent the kids from Googling for gore; and user accounts, which have full access to apps and settings but which don’t affect other users’ accounts.
It’s still up to you
While Google has done lots of things to make Android 5.0 Lollipop the most secure Android ever, the weak link in its armour is still the device owner: if you don’t set up a lock screen or enable Factory Reset Protection, for example, Android’s security isn’t going to help if your device gets lost or stolen.
Similarly, if you’re sideloading apps from Dodgy Dave’s World of Warez An’ Crackz, even the new security features might not protect your precious data from falling into the wrong hands or stop someone cloning your credit card and using it to buy a helicopter. What Google has done, though, is make it easier and quicker than ever before to make your device secure. Keeping it that way is still up to you.
What do you think? Is Lollipop a tough nut to crack, or is there more Google could do?