Google has announced the release of the first developer preview of Android 14, the next major release of the world’s most popular mobile operating system, which includes security and privacy improvements, among other things.

From Android 14, apps will have to declare precisely how they plan to use certain features of the phone, data exchange between them will be limited, and additional files downloaded by apps will be read-only.

A highlighted security feature in Android 14 is to block the installation of malicious apps that target older API levels (Android versions), allowing for easier abuse of sensitive permissions.

Android 14 improves security

Starting with “execution receivers”, which allow apps to receive intents served by the system or other apps, all apps targeting Android 14 must declare whether they should receive information from other apps or whether they must be limited to the “emissions” of the system.

This new security measure continues the “Context.registerReceiver()” functionality introduced in previous versions of Android. It aims to prevent malicious apps on the device from intercepting or misusing broadcasts intended to reach other apps.

To further strengthen the exchange of information between apps and prevent malware from grabbing users’ sensitive data, Android 14 will also limit the sending of “intents” that don’t have a specified recipient.

With this new security enhancement, malware can no longer intercept intents sent by other apps and read their content.

The third security feature coming to Android 14 is “Safer Dynamic Code Loading”, which limits all files downloaded by an app to read-only mode.

This would help prevent some code injection scenarios involving manipulated executables that are meant to be run by privileged applications.

Finally, Android 14 will block the installation of harmful apps that target SDK versions lower than 23 (Android 6.0) to facilitate permission abuse.

“Malware often targets older API levels to bypass security and privacy protections that were introduced in newer versions of Android,” Google says.

“To protect against this, starting with Android 14, apps with a targetSdkVersion less than 23 cannot be installed.”

In Android 6.0 (2015), Google introduced a runtime permission model that required apps to prompt the user to grant access permission requests for sensitive operations such as the camera, microphone, GPS sensors, phone calls and SMS access when launching the app.

Malware targeting older versions of the SDK can specify this in the XML manifest file and request access to sensitive permissions during installation, which is easier for users to ignore and approve.

The new permission protection system will also prevent users from installing apps that haven’t been updated for a while. However, Google says that older apps already installed on devices upgrading to Android 14 will continue to work.

Android 14 is still a long way from its final form, and we might see more security features land on the second developer preview in March 2023.

If you want to test the new system now, you can only flash the system image on a Google Pixel device.

For more information on all the new features that landed in the first developer preview of Android 14, visit the developer website.



Source link