The advent of Android 4.2 Jelly Bean brings new security features to the platform, features that have been required for a while to protect users from the many dangers associated with malicious apps.
The new security features are built natively into Android 4.2 Jelly Bean, and the most vital of them, is in essence similar to the Bouncer feature rolled out for the Google Play store in February this year. While the Google Play store is now supposedly cleaner because this feature, Android users are still at risk when sideloading apps from other sources.
Completely opt-in, the ‘verify app’ feature can be toggled from the ‘Security’ section of Android 4.2 settings. Each time users download and sideload an app, it is sandboxed, with virtual walls put up between the app and other software on the device. A pop-up box will then ask user if they want to check the app for potentially ‘harmful behaviour.’ The device will then send information about the device to Google’s servers, and compare it with a database of known applications.
Even if the app is not also listed on the Google Play store, Google is confident it can detect if it is safe or not, as the company says it is constantly scanning the web for newly appearing APKs, and has a good understanding of how the ecosystem works. If the app under scrutiny is detected as safe, the installation will continue, if it is detected as dangerous, it will prevent you installing it. If however, the app is questionably secure, but not strictly harmful, the user will have the option to continue with the installation.
According to Google, the app installation process will not be greatly slowed down by the new security process, as most of the processing happens on the company’s servers, and the user device only has to send an APK signature onward.
As for the other new security features, Google has also introduced an improved app permissions screen, for sideloaded apps, which is apparently much simpler to read than before. Android 4.2 also brings a scanning feature, that detects any attempt by an app to send a text message to a known fee-collecting short code (premium number), and will alert the user. The user will have the option to then allow, or deny the app from continuing with sending.
Source: Computer World