More consumer devices are coming with added enterprise features, and Google's Android OS is no exception.
Version 4.4 KitKat, the latest iteration of Android, features tools that make securing devices and developing applications easier. And Android versions 4.2 and up have SE Android, which gives IT more granular control over how applications and the OS interact.
While these improvements definitely play to enterprise IT administrators, they come with some caveats. For example, it's hard to control which features the security-enhanced (SE) Android blocks on devices, and modifying the security system requires rooting devices. In some cases, however, rooting devices might be a good move. Read on to find out more about the new Android features, plus learn how to modify SE Android and root devices.
What's new in Android 4.4 KitKat?
There are features in Android 4.4 KitKat for users, application developers and IT pros alike. Consumers will like the new design, faster performance, updated applications and better memory. For devs, there are new tools to access an app's memory profile, plus application programming interfaces to help build more responsive and efficient applications. Security improvements such as the addition of SE Android offer admins with hooks into users' Android devices more granular control over how applications and data can interact at the OS level.
What is security-enhanced Android?
The National Security Agency and Red Hat developed SELinux to provide OS-level security that can also act as an application-level firewall. When SELinux runs on an Android mobile device, it's called SE Android. It's a good tool to have enabled on users' devices because default Android security is based on discretionary access control. That means applications can ask for permissions, and users can grant or deny those permissions. Gaining permissions is one way that malware makes its way onto devices, and users sometimes grant applications unnecessary permissions without thinking. But SE Android uses mandatory access control that ensures applications work in isolated environments, so even if a user downloads a malware-laden app, that malware can't access the OS and corrupt the device. SE Android also comes with a policy that defines which actions an app is allowed to perform, denying all other actions by that app.
Can I modify SE Android?
Yes, it's possible to modify SE Android, and it's a task you may have to take on. Because SE Android restricts the actions that applications can take, the security measures may stop apps and device functions from working the way employees need them to. In that case, you may want to modify SE Android, but it involves rooting devices, which is a little difficult and comes with some risks. If you can get shell access and you're comfortable rooting devices, then you can learn a couple different things about SE Android. First, you can see if it's running in Permissive or Enforcing mode, and you can switch from one to the other. Enforcing mode offers more protection and is the default setting for Android 4.4, but versions 4.2 and 4.3 are in Permissive mode by default. You can also see if SE Android is blocking apps and functions that you don't want blocked. When you know which system calls are being blocked, you can write rules to allow Android features and apps that your users need.
How do I root devices?
Rooting Android devices isn't for everyone. It voids manufacturer warranties and it can brick devices if you do it wrong. You should have a really good reason to root devices, such as modifying SE Android or using a rooted device to build and test applications. That being said, there are a few steps to rooting Android devices.
First you have to find a ROM for the OS version and specific device model you're trying to root. It's important to get the exact right ROM for the Android device, and it's a task that can be difficult because some devices and OS versions don't have ROMs. Additionally, you need to find a ROM from a trusted source, because some hackers will load malware into ROMs that will open security holes in devices once you've rooted them. Next, you have to enable the USB debugging option on the device and install USB drivers on the PC you plan to connect the device to. When the device and the computer are both ready, connect them and load the ROM onto the device. If it works, your device will be rooted. If it doesn't work, your device will be a paperweight.