After just a few hours with a shiny new Nexus 5X running the latest version of Android 6.0 AKA “Marshmallow” release, a few behaviors have already caught my attention as welcomed security and privacy changes for the user-experience. (A few other items have caught my interest as points of potential vulnerability, but I’ll leave that for another day.)The first thing I noticed is that NFC was disabled upon initial setup of the Nexus 5X. I’m not 100% sure if this setting may have been associated with my Google account, but either way, keeping NFC disabled until something needs it is the best policy in my opinion.Unfortunately, after enabling NFC, I am able to force applications to load on the 5X and perhaps manipulate settings with this interface.Another more noticeable change is with the permissions model. In my experience, working with previous versions of Android, apps declare the permissions they require within the application manifest and then after installation, they are able to make use of these permissions without further explicit user consent.Now, it seems that Google has borrowed slightly from other mobile platforms by adding a secondary notification to the user when an application wants to access certain data or functionality even if that application is a Google application. Most notably, I have found that Hangouts requested access to my contacts, Google’s search requested access to the camera, and Android Pay prompted for location data.
This added layer of security is a nice step for Android and may prove helpful in fighting back against an onslaught of privacy invasive applications. As it turns out, this is only a small part of the tasty Marshmallow privacy controls Google and friends have added to Android.In a page from CyanogenMod’s playbook (and a throwback to the Android 4.3/4.4 hidden app permission manger), users can now turn on and off individual application permissions with a clean interface inside the ‘Apps’ menu or the ‘App Info’ screen. This means that if you really want some functionality from an app but you are concerned about it having access to certain permissions, you can simply revoke those permissions from the app with the flip of a switch.
While these may be the highest impact changes for most users, a few other aspects caught my attention, as well. Specifically, having gone directly from Nexus 4 to Nexus 5X, this is the first Android device I have where encryption was enabled right out of the box.Although device encryption is not always going to protect data on the phone, it is an important feature, and I’m happy to see Google making good on their promise to do this after they previously took a step back by not encrypting older devices along with the Android 5.0 updates.Along the same lines, I’m also happy to see that the device can be locked down, so that after a restart (or cold boot), the device can require the unlock code rather than just a fingerprint. While not perfect, this option helps provide a good blend between the convenience of fingerprint unlocking and the security of password or PIN locking.The last thing I want to mention for now is the ‘Android security patch level’ field now present in the ‘About Phone’ settings. Complimenting the new monthly update cadence, this is an easy to understand indicator for end users as to how up-to-date their device actually is. Rather than having some obscure build number, this field clearly indicates the patch level in a meaningful month/day/year format.Title image courtesy of ShutterStock