en/security/enhancements/enhancements60.html - platform/docs/source.android.com - Git at Google

 page.title=Security Enhancements in Android 6.0
 @jd:body

 <p>Every Android release includes dozens of security enhancements to protect
 users. Here are some of the major security enhancements available in Android
 6.0:</p>
 <ul>
   <li><strong>Runtime Permissions</strong>. Applications request permissions at
     runtime instead of being granted at App
     install time. Users can toggle permissions on and off for both M and pre-M
     applications.</li>
   <li><strong>Verified Boot</strong>. A set of cryptographic checks of system
     software are conducted prior to
     execution to ensure the phone is healthy from the bootloader all the way up to
     the operating system.</li>
   <li><strong>Hardware-Isolated Security</strong>. New Hardware Abstraction
     Layer (HAL) used by Fingerprint API, Lockscreen,
     Device Encryption, and Client Certificates to protect keys against kernel
     compromise and/or local physical attacks</li>
   <li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
     touch. Developers can also take
     advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
   <li><strong>SD Card Adoption</strong>. Removable media can be
     <em>adopted</em> to a device and expand available storage for
     app local data, photos, videos, etc., but still be protected by block-level
     encryption.</li>
   <li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
     to make sure their application doesn't use
     cleartext.</li>
   <li><strong>System Hardening</strong>. Hardening of the system via policies
     enforced by SELinux. This offers better
     isolation between users, IOCTL filtering, reduce threat of exposed services,
     further tightening of SELinux domains, and extremely limited /proc access.</li>
   <li><strong>USB Access Control:</strong> Users must confirm to allow USB
     access to files, storage, or other
     functionality on the phone. Default is now <em>charge only</em> with access
     to storage requiring explicit approval from the user.</li>
 </ul>
	page.title=Security Enhancements in Android 6.0
	@jd:body

	<p>Every Android release includes dozens of security enhancements to protect
	users. Here are some of the major security enhancements available in Android
	6.0:</p>
	<ul>
	<li><strong>Runtime Permissions</strong>. Applications request permissions at
	runtime instead of being granted at App
	install time. Users can toggle permissions on and off for both M and pre-M
	applications.</li>
	<li><strong>Verified Boot</strong>. A set of cryptographic checks of system
	software are conducted prior to
	execution to ensure the phone is healthy from the bootloader all the way up to
	the operating system.</li>
	<li><strong>Hardware-Isolated Security</strong>. New Hardware Abstraction
	Layer (HAL) used by Fingerprint API, Lockscreen,
	Device Encryption, and Client Certificates to protect keys against kernel
	compromise and/or local physical attacks</li>
	<li><strong>Fingerprints</strong>. Devices can now be unlocked with just a
	touch. Developers can also take
	advantage of new APIs to use fingerprints to lock and unlock encryption keys.</li>
	<li><strong>SD Card Adoption</strong>. Removable media can be
	<em>adopted</em> to a device and expand available storage for
	app local data, photos, videos, etc., but still be protected by block-level
	encryption.</li>
	<li><strong>Clear Text Traffic</strong>. Developers can use a new StrictMode
	to make sure their application doesn't use
	cleartext.</li>
	<li><strong>System Hardening</strong>. Hardening of the system via policies
	enforced by SELinux. This offers better
	isolation between users, IOCTL filtering, reduce threat of exposed services,
	further tightening of SELinux domains, and extremely limited /proc access.</li>
	<li><strong>USB Access Control:</strong> Users must confirm to allow USB
	access to files, storage, or other
	functionality on the phone. Default is now <em>charge only</em> with access
	to storage requiring explicit approval from the user.</li>
	</ul>