Fully encrypted (full Disk encryption, FDE)
High performance degradation for all flash data encryption
Nexus 6,nexus 9 cannot shut down Fde
For other devices, Google recommends opening
Multi-user support
4.2 has joined the multi-user support for the tablet, but the user configuration is too cumbersome, 4.3 has improved, 5.0 added support for the phone
The user is divided into four categories: Owner, Normal, Restricted, Guest
Normal user cannot see the app installed by owner
The guest user will be cleared at the next logon
BYOD Solution: Android for Work (Enterprise security)
Https://www.youtube.com/watch?v=FbVWtYPpzIs
Securely isolate the work app from the user's private app
Google was going to adopt Samsung Knox Lock technology, but didn't talk
SELinux
5.0 SELinux is executed in enforcing mode in all domains
In the previous 4.4, SELinux was only enabled in some important domains
Root is much more difficult
5.0 enhanced SELinux, the normal mode of the root is almost impossible, must be done by the brush kernel root, and the brush kernel need to unlock bootloader is feasible, we can bootloader on the basis of the lock, to achieve root
Android 5.0 Five security features