At the recent I/O 2024 developer conference held in California, Google unveiled the second beta version of its Android 15 operating system, which is codenamed Vanilla Ice Cream. The company also provided a closer examination of the new security and privacy enhancements that will accompany this update.
Although the final version of Android 15 is still several months away, with a release planned for the third quarter of 2024, we can already delve into the new security capabilities this operating system will offer to Android users.
One of the most notable security improvements, though certainly not the only one, is a collection of new features aimed at safeguarding against smartphone theft and protecting user data. Google intends to make some of these capabilities available not just in Android 15 but also for earlier versions of the system, starting with Android 10, via service updates.
The first feature is factory reset protection. This will help prevent thieves from erasing a stolen device and quickly reselling it by allowing users to establish a lock that stops the device from being reset without the owner’s password.
Android 15 will also bring a so-called “private space” for applications. Certain apps, such as those for banking or instant messaging, can be concealed and secured with an additional PIN code, thus blocking thieves from accessing sensitive information.
Additionally, Google plans to implement security measures for crucial settings in the event that a thief manages to gain access to an unlocked phone. Modifying Find My Device settings or altering the screen lock timeout will necessitate verification using a PIN, password, or biometric data.
Moreover, there will be safeguards against thieves who might have discovered or observed the PIN code. Tasks like changing the PIN, deactivating anti-theft measures, or utilizing passkeys will require biometric verification. According to Google, this settings protection will be made available on select devices “later this year.”
Now, let’s discuss the new capabilities that will launch not only with Android 15 but also in versions 10 and higher. The first one is an AI-driven, accelerometer-based automatic screen locking feature. The screen will lock automatically if the system recognizes movements typical of someone snatching the phone and fleeing quickly on foot or by vehicle.
Furthermore, the smartphone will automatically lock if a thief attempts to keep it disconnected from the internet for an extended period. Users can also set up automatic locking for other scenarios, such as after a certain number of failed authentication attempts. Finally, Android will include remote locking, enabling users to secure their phone’s screen from another device.
Protection of personal information during screen sharing and recording is another focus of Android 15. This update aims to safeguard user data against scams like fake tech support. Scammers may request that the user share their screen (or record their actions and send a video) while instructing them to perform harmful activities (like logging into an account). This way, they can acquire important information, including login credentials and financial details.
First, in Android 15, screen sharing will, by default, only display the specific application the user is using, rather than the system interface (like the status bar and notifications, which could contain personal details). However, users will still have the option to switch to full-screen sharing if desired.
Second, regardless of whether the screen sharing is in full or app-specific mode, the system will only show notification details if the app developer has provided a specific “public version” of that information. Otherwise, the contents will remain hidden.
Third, Android 15 will automatically identify and conceal windows that contain one-time passwords. If a user opens an app window with a one-time password (for example, Messages) while sharing or recording their screen, the contents of that window will not be visible. In addition, Android 15 will automatically hide any login, password, or card information entered during screen sharing.
These measures safeguard not only against attackers who specifically target user data but also against the unintentional disclosure of personal information during screen sharing or recording.
Enhanced Restricted Settings
We’ve previously talked about the so-called Restricted Settings that Android offers from version 13 onwards. This provides extra protection against the misuse of two potentially risky features — access to notifications and Accessibility services.
You can find information about the risks linked to these features at the aforementioned link. Here, let’s quickly recall the core concept of this protection: Restricted Settings prevent users from giving permission to these features for apps not sourced from the app store.
Regrettably, in both Android 13 and 14, this protective measure is quite easy to circumvent. The issue lies in how the system determines whether an app was installed from the store or not, based on the installation method used. This allows a harmful app acquired from any source using an “incorrect” method to then install another harmful app using the “correct” method.
As a result of this two-step installation process, the second app is no longer flagged as dangerous, escapes restrictions, and can both request and obtain access to notifications and Accessibility services.
In Android 15, Google intends to utilize a different approach known as Enhanced Confirmation Mode. From the user’s standpoint, nothing will appear altered — the interface will work as it did before. However, “behind the scenes,” instead of checking the method of app installation, this function will reference an XML file incorporated into the operating system that includes a list of trusted installers.
In simple terms, Google is planning to embed a list of reliable sources for app downloads directly into the system. Apps downloaded from other sources will be automatically prevented from accessing notifications and Accessibility services. Whether this will effectively close the loophole remains to be seen following the official launch of Android 15.
Protecting one-time codes in notifications
Along with the enhanced Restricted Settings, Android 15 will introduce additional measures to defend against apps that intercept one-time passwords when gaining access to notifications from other applications.
This operates as follows: when an app seeks access to a notification, the operating system evaluates the notification and removes the one-time password from its content before delivering it to the app.
However, certain categories of apps—such as wearable device apps connected through the Companion Device Manager—will still have the complete content of notifications accessible. Consequently, malware developers might exploit this gap to continue capturing one-time passwords.
Warnings about insecure cellular networks
Android 15 will also roll out new features aimed at protecting users from attackers utilizing harmful cellular base stations to intercept data or surveil smartphone users.
Firstly, the operating system will alert users if their cellular connection is unencrypted, making their calls and texts susceptible to interception in plain text.
Secondly, Android 15 will inform users if a malicious base station or specific tracking device is monitoring their location via their device ID (IMSI or IMEI). To achieve this, the operating system will track requests from the cellular network to these identifiers.
It is important to note that both functionalities require support from the smartphone’s hardware. Therefore, they are unlikely to be available on older devices that upgrade to Android 15. Even among new models initially launched with Vanilla Ice Cream, not all will likely support these features—implementation will depend on the decisions of smartphone manufacturers.
New app protection features
Next in line for the security improvements in Android 15 are enhancements to the Play Integrity API. This service enables Android app developers to detect fraudulent activities within their applications and identify situations where the user may be at risk, allowing them to utilize various additional security procedures in those scenarios.
Specifically, in Android 15, app developers will gain the capability to verify if another app is running concurrently with theirs, recording the screen, displaying its windows atop their app’s interface, or controlling the device on behalf of the user. If such threats are detected, developers can, for instance, conceal particular information or alert the user about the potential danger.
Leave a Reply