Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to “clickjacking” attacks that trick them into clicking on hidden or disguised user interface elements.
The company unveiled Android Version 2.3, also known as “Gingerbread,” on Monday along with the first phone running the new OS: the Nexus S, a co-development project between Google and Samsung. That phone features a 4″ display, support for gyroscope sensors, wireless Near Field Communication (NFC) and improved keyboard and copy/paste controls. Among the cool new features, however, Google also introduced support for so-called “touch filtering” which prevents UI elements that control sensitive functionality from being enabled at the same time as they are obscured by other UI elements – a technique sometimes referred to as “clickjacking” in the world of Web security.
The Gingerbread update is the first major release since May, when Version 2.2, dubbed “FroYo,” came out. The new version is optimized for game developers, allowing smoother animation and increased responsiveness and better input handling needed by high-speed mobile games. For games that use motion processing, there’s support for gyroscopes and other kinds of physical sensors. Gingerbread will also support for VP8 and WebM, open video standards, and support for AAC and AMR Wideband encoding.
On the security front, Google noted new options for application developers will make it possible to prevent users from being tricked into enabling or disabling sensitive functionality. Touch filtering features in 2.3 allow Android devices to note when a user view that provides access to sensitive functionality is obscured by another UI element or concealed. A new attribute, filterTouchesWhenObscured, when enabled, discards touches that are received when the view’s window is obscured by another visible window, according to a description of the feature in the Android Developer’s Reference. “As a result, the view will not receive touches whenever a toast, dialog oro ther window appears above the view’s window,” the Reference reads.
Clickjacking – the practice of tricking users into dis