Skip to main content

Android Lollipop's Best New Security Features

Besides receiving a major redesign and many new features, Android 5.0 Lollipop also comes with some strong security improvements that should keep users' data safer, if users actually take advantage of them.

Default Encryption

The first big improvement actually doesn't require anything from the user. All new Android Lollipop devices will be encrypted by default at boot, with a unique key that never leaves the device (an important feature of this type of encryption). The new iOS 8 has the same type of encryption, as well.

The only major computing platform that isn't doing default encryption with local key storage is Windows, but hopefully, Microsoft will add it to Windows 10 as another one of its security improvements by the time this new version is out.

There is one downside to this type of encryption, though: without a pattern lock, PIN or password, it doesn't help all that much. The data is fully protected only if some kind of lock exists. Otherwise, anyone who can pick up your phone can obviously still look through it and has access to all the data you would. However, even without a lock, it should still protect users' data against any remote attacker who tries to read it from the phone's memory.

Smart Lock

Because many people don't like to put a password or even a pattern lock on their phones, Google has come up with an alternative that's essentially just as easy (if not easier) to use than Apple's Touch ID.

This new feature is called Smart Lock, and it works very differently than Touch ID. Instead of requiring your fingerprint every time you open the phone, it completely eliminates the need to unlock the phone, as long as you pair it with another NFC- or Bluetooth-enabled device.

Once the two devices are paired, your phone can stay unlocked only when it's in the NFC or Bluetooth range of that device. As an example, you could pair the phone to a laptop or a Bluetooth-enabled TV, and whenever you're in the same room as those devices, your phone will remain unlocked. As soon as you get out of their Bluetooth range, your phone will lock itself again.

Bluetooth can have a relatively long range (10m), so if you decide to pair the phone with a smartwatch, which is much closer to your phone, it would be preferable to use NFC. Then, you won't have to worry about nearby hackers trying to steal data from your device in some way, because NFC has a very short range (4cm).

Just like fingerprint scanning security has the (major) downside that if your fingerprint is stolen once, then you can essentially never use that fingerprint again, Smart Lock has a downside as well. If you pair it with a smartwatch, it should protect your phone if lost or stolen, but if you get robbed, the thief might take your smartwatch as well, and then your phone is also vulnerable.

One way Google could fix this is by mandating a "panic button" to all Android Wear smartwatches, so that the phone would be immediately locked, and the pairing process would have to start again before the phone could be unlocked.

Improved Face Unlock

Android 4.0 Ice Cream Sandwich added an intriguing and futuristic feature – the ability to unlock your phone by having it scan your face. It's not quite retina scanning, but it's close. However, the feature was both slow, and it had poor security that could be relatively easily bypassed with a photo of the owner.

This feature has been overhauled for Android 5.0. It's not only much faster, but once you activate it, you may even forget it's there, scanning your face. The way it works now is that the device starts scanning your face as soon as the screen is on. By the time you finish messing with your lockscreen notifications, the scanning (and the unlocking of the device) should already be done. If the face scanning fails, you'll still be prompted for your PIN or password (if you have them set-up).

There's also good news in regards to the security of this feature (without which it wouldn't be more than a simple gimmick). Google hasn't given too many details on this yet, but apparently, instead of just taking a photo of the user's face, it now analyzes the user's face on an ongoing basis, so it should be much harder to try to trick the scan with a simple picture. When the device senses the user is not real, it locks itself.


SELinux, which stands for Security Enhanced Linux, was initially developed by the NSA and was released as an open source project back in 2000. It has been thoroughly analyzed since then, so the chance of having a backdoor should be nonexistent by now.

Android adopted SELinux for the first time in version 4.3, but only in Permissive mode. That didn't do much to improve security, but it was Google's way of testing it on Android in the real world before deploying a stricter mode, much like how Google implemented the Android Runtime in KitKat, but only uses it as default in Lollipop.

Starting with KitKat, Google enabled the Enforcing mode for SELinux, and Adrian Ludwig, Android's Lead Security Engineer said that in Lollipop the Enforcing mode is "required for all applications on all devices."

SELinux in Enforcing mode essentially restricts malware or even users with administrator/root privileges from doing certain damage to the system. It's "enforcing" a minimum level of security and app isolation that nobody can bypass. When it comes to security, that's usually a good thing.

Factory Reset Protection

Due to a rapid increase in smartphone thefts there has been much talk, and even a law passed in California, about smartphone "kill switches." Trying to avoid much stricter laws and potentially government-controlled kill switches, companies have promised to come up with their own kill switch technology before they are forced to do so in more places or countries.

Google came up with this new "Factory Reset Protection" feature that's available in Android Lollipop and requires a password before the device can be reset. This sounds much lighter-weight than a "kill" switch, or a technology that can brick devices, but that's probably for the best. This feature should stop thieves from trying to sell the device to someone else, or at least it should make it much harder to do so. The Factory Reset Protection would essentially get the same result as bricking the device, especially if the device is already locked and encrypted by default, so the thief can't access it in any way.

Unfortunately, unlike Apple, which has enabled a similar feature (called Activation Lock) for its new devices by default, Google has kept this feature opt-in only so far. If you want to take advantage of it, you have to enable it first. Google has presumably kept it opt-in only for Android Lollipop in order to test it first, but the company may also enable it by default in the next version of Android.

Security is never "complete," and thanks to Android's immense popularity in the mobile market which makes it a bigger target for attackers, Google will have its hands full. Hopefully, this means we'll continue to see significant security improvements in the upcoming versions of Android.

Follow us @tomshardware, on Facebook and on Google+.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.