android-150Android has developed a bit of a reputation for poor security, especially compared to Apple iOS, thanks to numerous vulnerabilities like the recent Stagefright and the explosion of Android malware in recent years.

Google has certainly taken steps to address some of the inherent weaknesses in the Android platform, with Android 5.0 (Lollipop) adding features that merit closer inspection – as SophosLabs researchers Rowland Yu and William Lee have done in an excellent paper they presented at the recent Virus Bulletin International Conference.

Their paper – titled “Will Android Trojan, Worm or Rootkit Survive in SEAndroid and Containerization?” – examines these new security features in Android 5.0, and what they mean for data security in corporate devices.

As the paper explains, SEAndroid stands for Security Enhancements for Android, which enforces system-wide security policies to: prevent privilege escalation by applications; keep applications separate from each other and the system; and prevent the bypass of security features.

Containerization refers to the separation of an encrypted zone on the device, and the ability to manage access to the zone. “In other words, (containerization) not only secures data on device, but also controls how applications can access, share and use the data,” the SophosLabs researchers say.

However, SEAndroid and containerization have their limits, and can still be exploited by Android malware. Additionally, both fail to address the core problem of the Android permissions model, because it is difficult to distinguish between clean and malicious apps based only on permissions requested, the researchers say.

In their overview of the Android threat landscape, Rowland and William provide succinct explanations of the major categories of malware and potentially unwanted applications, including SMS senders, Trojan backdoors, spyware, ransomware, banking Trojans and rootkits.

The technical analysis of how existing malware will survive despite the security enhancements in Android 5.0 can’t be fully explained in a short blog post – but this SophosLabs paper is definitely worth a read for anyone interested in the evolution of Android malware and efforts to confront the continued insecurity in the Android OS.

Image of Android robot courtesy of Flickr user JD Hancock (Creative Commons license).