Video


New security features in Android 11

Posted: by Bartłomiej Balcerek

Category: mobile | cybersecurity | operating systems | android |

Android is currently the most popular operating system for mobile devices. In 2020, it has already had its 11th version. At the same time, Google introduced new features of the system aimed at increasing its security for users. What are these safeguards and how do they affect security?

Due to the mode of use, mobile devices, such as a mobile phone or tablet, often give the illusion that they cannot be exposed to cyberattacks. This is not true, because both the Android operating system and the individual applications available on it can be attacked. Mainly the threat comes from other applications installed from the Google Play Store.

It is worth mentioning here that the mobile applications available in the store undergo verification, but due to the volume of these applications, the verification cannot be performed in to detail. Unfortunately, this also makes these malicious applications easy to overlook. An unaware user can download them to his device and thus allow them to attack other applications. That is why it is so important to conduct security audits to detect weaknesses of the application. Google itself, in connection with the threats in the latest version of Android 11, introduced several improvements to improve security.

One-time access rights to the application

Some of the access rights an application may request are security-critical. Among them are location, microphone or camera – those related to user privacy. In Android 11, an application can access such functions one time.

Application must report the need for access again when trying to use the location or the microphone again. And so every time. Thanks to this, the user is more aware of the risks resulting from the provision of these functions in the application.

Reset application access rights

This option applies to applications that have not been used for a long time. In this case, the next time you start up, the Android operating system may ask the user to confirm access to the critical phone functions. The purpose is to reduce the number of granted access rights in the device's operating system and the risk of an attack on the data contained in the application.

Location download permission broken into two permissions

From now on Android 11 two location permissions will work. One will apply to the app that's in the foreground and the other will be for the app that's running in the background. The user must confirm that the application is allowed to get  the location several times. This will allow you to be more aware of where and in which application the location was entered.

Statistically, the need to get a location by the application that is running in the background is not essential. Therefore, such additional need may characterize a malicious or spyware application that poses a potential threat to user security.

Android component update

One of the new features in Android 11 is that system component updates will be distributed via the Google Play Store. Thanks to this, the user will not have to wait for the manufacturer of the mobile device to make the updated version of Android available. Now you will be able to update some of the operating system components on the same principle as updates individual applications installed on the device.

New security features in Android 11 – summary

In the era of cybercrime and the availability of professional spyware such as Pegasus (not for everyone, of course, but people interested in such tools now have easier access to them), this direction chosen by Google deserves recognition. Actions aimed at minimizing the threat of cyberattacks and increasing the security of users of mobile devices seem to be the most appropriate and worth following by other software producers.

No security measures can completely protect the application from attacks, so each mobile application should be properly and regularly checked. We often hear about new vulnerabilities in applications such as ZOOM or applications for mobile devices. The optimal solution is to conduct security audits on them. After obtaining the results of the tests, we introduce appropriate protection mechanisms that meet all the standards at the time of testing and the security requirements of modern IT systems.

Lemlock ebook. Expert Guidebook: Three vievs on cybersecurity
Udostępnij
Read more:
Step-by-step preparation for GDPR - checklist
GDPR

Step-by-step preparation for GDPR - checklist
An overview of the Regulation and its most frequently discussed issues
GDPR

An overview of the Regulation and its most frequently discussed issues
How was GDPR introduced? Facts.
GDPR

How was GDPR introduced? Facts.
Are you interested in a comprehensive solution
for your data security?
Consent to  data processing for contact purposes
I confirm that I have read the  information clause of Sagiton Sp. z o.o.

I hereby give consent to the processing of my personal data by the Personal Data Controller (hereinafter: "PDC") – Sagiton Sp. z o.o. ul. Fabryczna 19, 53-609 Wrocław, within the scope of: full name, e-mail address or telephone number, for the purpose of sale of products and services of Sagiton Sp. z o.o. and for the purpose of sending me feedback and making contact with me by Sagiton Sp. z o.o.

At the same time, I acknowledge that: at any time I can request the removal of my personal data from the PDC Sagiton Sp. z o.o. database, by sending an e-mail to [email protected], or a letter to Sagiton Sp. z o.o., ul. Fabryczna 19, 53-609 Wrocław, with a statement containing the relevant request, which shall result in the deletion of my personal data from the PDC Sagiton Sp. z o.o. database; I have the right to access my data; providing my data is voluntary, however refusal to provide it is tantamount to not receiving information regarding sale of products and services of Sagiton Sp. z o.o., as well as not receiving feedback and making contact with me by Sagiton Sp. z o.o.

In accordance with Art. 13 section 1 of the General Data Protection Regulation of 27 April 2016, (GDPR), we would like to inform you that the controller of your personal data is Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław, e-mail: [email protected].

Your personal data shall be processed within the scope of: full name, e-mail address and/or telephone number in order to answer your question/request for contact and send feedback – pursuant to Art. 6 section 1 (a) of the GDPR, i.e. consent to the processing of personal data.

The data controller would like to inform you that your personal data shall not be disclosed to third parties.

Your data shall not be transferred outside of the European Economic Area or to international organizations.

Your personal data shall be processed until you withdraw your consent to the processing of data, as well as if the purpose for processing this data shall no longer be applicable.

You have the right to access your personal data, rectify it, delete it, restrict its processing, the right to transfer it, as well as the right to object.

In the case of giving your consent, you have the right to withdraw it at any time. Exercising the right to withdraw the consent does not affect the processing carried out before the consent was withdrawn.

You have the right to lodge a complaint with the supervisory body, i.e. the President of the Office for Personal Data Protection, ul. Stawki 2, 00-193 Warsaw.

Providing your personal data is a prerequisite for making contact with you by Sagiton Sp. z o.o. with its registered office at ul. Fabryczna 19, 53-609 Wrocław. In the case of not providing your personal data, Sagiton Sp. z o.o., shall not be able to contact you.

The Data Controller, Sagiton Sp. z o.o., would like to inform you that they shall not use your personal data for automated decision-making, which is based solely on automated processing, including profiling, and has legal effects for you or affects you significantly in a similar way.

Let's stay in contact