Android 4.2 Jelly Bean is now upgraded with added features.
The 4.2 Jelly Bean has been upgraded in order to improve the security of its apps. One feature it includes is the one that enables users to verify apps before the installation of the said application. Thus, this prevents harmful apps from being downloaded and installed into the gadget. An addition to this is the ability of blocking the app’s installation if it is harmful.
Android will be providing a verification if the application is trying to send SMS to a premium service short code that may add charge to the user. The user can then choose whether or not to let the app send messages or block them.
The newest upgrade will let the user configure VPN in a method that will not have the access to the network until the connection of VPN is strongly established. Additionally, the libcore SSl implementation is providing support for certificate pinning. Permissions have also been organized into groups. Moreover, a detailed information about the permission will be provided when the users click on it.
Furthermore, in Android 4.2.2, the applications will have export set to false by default for every content provider, usually targeted to API level 17, which sooner or later lessens default attack surface for apps. The update also lessens the probable attack surface for root privilege increase as the installed daemon does not run as the root user.
Android 4.2.2 has been customized to make use of the Open SSL for the default implementations of Cipher.RSA and SecureRandom. In addition to this, it also adds up to the SSL Socket support for TLSv1.1 and lessens default attack surface for apps. Security fixes for libpng, Open SSL, WebKit, and LibXML open source libraries.
Fred Chung of Android Developer Relations team noted that a suggested approach is to produce a truly random AES key during the first release and store that key in internal storage.