Android Security Evolution

Significant security enhancements of recent major Android versions, starting with Android 5.0 Lollipop (API 21).

Android 5.0 (API 21) - Lollipop

Security Enhancements - Android 5

Android 6 (API 23) - Marshmallow

Security Enhancements in Android 6

Android 7 (API 24) - Nougat

Security Enhancements - Android 7

Android 8 (API 26) - Oreo

Security Enhancements - Android 8

Android 9 (API 28) - Pie

Android 9 release notes - Security features

Android 10 (API 29) - Quince Tart

Security Enhancements - Android 10

Android 10 release notes - Security features

Android 11 (API 30) - Red Velvet Cake

Android 11 release notes - Secure

Android 12 (API 31) - Snow Cone

Security Enhancements - Android 12

Android 12 release notes

Android 13 (API 33) - Tiramisu

Security Enhancements - Android 13

Android 13 release notes - Security

  • Non-matching Intents are blocked by Intent filters (an app cannot send an Intent to another app's exported component unless the Intent fully matches an Intent filter declared by that component); see the "Intents should match declared intent filters" section of the Android 13 and Android 13 QPR release notes
  • Only File-Based Encryption (FBE) is allowed; Full Disk Encryption (FDE) is no longer permitted, not even on devices updated from a version where it was allowed
  • Shared UIDs are deprecated. They were used to share sandbox access between two or more apps and to let those apps run in the same process. They could cause non-deterministic behavior within the package manager, so they will be removed in a future Android version. See Application Signing
  • Keymaster support for symmetric cryptographic primitives such as AES (Advanced Encryption Standard), HMAC (Keyed-Hash Message Authentication Code), and asymmetric cryptographic algorithms (including Elliptic Curve, RSA2048, RSA4096, and Curve 25519)
  • POST_NOTIFICATIONS runtime permission added for sending non-exempt (including Foreground Services (FGS)) notifications from an app, see Notification runtime permission
  • Added per-use prompt for apps requesting access to all device logs, giving users the ability to allow or deny access, see Manage your device logs on Android
  • Android Virtualization Framework (AVF) introduced, bringing together different hypervisors under one framework with standardized APIs.
  • APK signature scheme v3.1 introduced; all new key rotations performed with apksigner use the v3.1 signature scheme by default, so that the rotation targets Android 13 and higher.

Android 14 (API 34) - Upside Down Cake

Security Enhancements - Android 14

Android 14 Security Release Notes