10 Major Security Enhancements Coming in Android 11
In Android 11, Google is building upon the previous changes to strengthen the protection offered by their mobile OS. Many of the new features will go unnoticed by the average end-user, but their impact is no less critical.
#1. No More Annoying Permission Prompts
Since Android 6.0, if an app requests access to something you don’t want it having, you can tap “Deny” on the permission prompt. New in Android 11, when you deny a permission twice, the OS interprets this as “Don’t ask again.” It will outright ignore future requests for that permission unless you manually grant access in Settings.
#2. Cameras & Microphones Are Even More Secure
Android 9 made it to where apps can’t access your camera or mic in the background. Now, even when you’re using them, a new foregroundServiceType attribute will control how much access apps have to these sensors.
#3. Improved Protection for Background Location
Apps can no longer ask for access to your device’s location in the background via an in-app prompt. Instead, apps targeting Android 11 must create a custom UI that clearly explains why the app needs background location. This can then direct you to the system settings page where you can grant this permission.
Image via Android Developer
#4. Scoped Storage (Again)
Android 10 introduced a new way for apps to interact with your phone’s storage — primarily, it limited their access to only the files and folders they need. This was known as scoped storage, and let just say its introduction didn’t go so well. The feature broke many apps, forcing Google to introduce an attribute which allowed them to temporarily opt-out of scoped storage.
For apps targeting Android 11, they will no longer be able to use this attribute to opt out. Users can see which apps have requested to read the internal storage by visiting Settings –> Privacy –> Permission manager –> Files and media. Apps under Allowed for all files meet this criterion. Note that in Android 11, these apps are limited to “read-only.” Only with the new “All files Access” permission will they be able to read and write all files within the shared storage, although they cannot access app-specific directories belonging to other apps.
#5. One-Time-Only Location Access
A new addition to the permission request prompt is the ability to limit permission access to one-time only. When selected, the app can use the permission only temporarily. When you reopen the app, it must request permission to use it again.
#6. Mobile Driver License Support
Android 11 includes platform support for secure storage and retrieval of government documents such as ISO 18013-5 compliant Mobile Driving Licenses. It will be a while before this technology gets widespread adoption by state agencies, but Android 11 is ready.
#7. Improved Call Screening
Call screening apps can now verify an incoming call’s STIR/SHAKEN status. As a result, such apps can now tell you the reason a call was rejected. The system-provided post-call screen can be customized to add user actions, such as marking a call as spam or adding it to your contacts.
#8. Better Biometrics
Android 11 is introducing categories for biometrics based on the level of authentication strength. The three levels are “Strong,” “Weak,” and “Device Credential.”
Strong is secure facial unlock (creating a 3D point cloud map of your face), fingerprint scanner, and iris scanner. Weak biometrics includes facial unlock using an RGB camera. Device Credential is for authentication methods using a screen lock credential (the user’s PIN, pattern, or password).
App developers can now choose which category of biometric they accept for their app. For example, while a banking app would want a “Strong” level, a password-protected notepad might be okay with “Weak” level biometrics.
#9. GPS Privacy
Android 11 introduces the GnssAntennaInfo class. This makes it possible for apps to use the more accurate dual-frequency GNSS, which can track you within centimeters of your position. This level of tracking can be dangerous to one’s privacy, so these antennae can only identify the device model and not the individual device. Also, this class will only be accessible by apps with location permission.
#10. Secure Audio Capture from a USB Device
When an app requests direct access to a USB audio device with recording capabilities but no audio record permission, a warning message will appear asking the user to confirm this permission. Android 11 ignores any “always use” options, requiring this permission to be granted each time the app requests it.
Post a Comment