Google has a history of getting creative with its Android mobile security features. Who could forget 2011’s Face Unlock, courtesy of Ice Cream Sandwich—or the failing that let photos fake it out? Now the Android security team has another concept called Smart Lock, and it’s heading to Lollipop next month.
See also: 3 Ways Android Lollipop’s Default Encryption Won’t Protect Your Phone Data
Android 5.0 will allow your Android device to unlock another that you own, just by being nearby. For instance, an Android Wear smartwatch could unlock your phone; someday, Android Auto might do the same.
Safety First
The Smart Lock feature relies on close-range wireless pairing of Android gadgets via Bluetooth or NFC that allows them to recognize each other and grant access. It makes intuitive sense; if one of your “trusted” Android devices is near another, it’s very likely that both are in your possession, and not in the hands of a thief.
The idea, according to Android lead security engineer Adrian Ludwig, is to take the annoyance out of security and authentication for end users, many of whom don’t want to bother with PIN codes, passwords or pattern unlocks on. And if Smart Lock fails for any reason, your passcode or pattern still serves as backup security.
See also: Google Unveils New Nexus Devices, A Media Player And Android 5.0 Lollipop
Smart Lock looks like an intriguing step forward. And it’s hard to deny the convenience of letting one Android gadget unlock another. (It’s also hard to deny the fact that this helps make the case for buying multiple Android devices.)
However, there’s just one concern: If a crook snatches my messenger bag or purse with both my Nexus phone and tablet in there, the security feature intended to lock my data down could be the thing letting the thief access my device.
The same concern might arise if someone—a housemate or family member, say—lifts your smartwatch from its charging cradle while you sleep and uses it to unlock and rifle through your phone. I’ve pinged Google for more information on how Smart Lock might behave in such situations, and I’ll update when I hear back.
Getting Down To Business
Earlier this year, Android earned the dubious distinction of being the mobile platform with the most malware slung at it. Clearly Google doesn’t want anyone to panic about that. Instead, it wants people to feel secure, and not just individual consumers.
To that end, Android started using Security Enhanced Linux (SELinux) last year. Now Lollipop requires SELinux for all applications on all Android gadgets. With this, the system can audit processes and monitor for “potentially hostile apps,” said Ludwig, to spot trouble before attacks can put your data up for grabs.
It may seem counterintuitive to base security on open-source Linux. But Google argues that having so many contributors with deep knowledge working on the code makes for an even stronger and more reliable system.
Android, which has long used “sandboxing” tactics to isolate apps and limit the reach each one has, seems to be evolving. And it needs to, if it wants to go beyond individual consumers and fill some of the void BlackBerry has been leaving behind with companies and government agencies.
Not that Android hasn’t already gained interest from that sector. In fact, Samsung’s Galaxy devices, one of the platform’s biggest success stories, just became the smartphones of choice for the National Security Agency.
Android security is not a one-and-done deal, but an ongoing effort to battle “the bad guys.” Let’s hope that while swinging our bats at them, we don’t wind up clunking ourselves on the head.
Lead photo by Adriana Lee for ReadWrite; all others courtesy of Google