Hi

I just copied and summarized the security-related changed in Android 4.4, 5.0 and 5.1. Enjoy guys!

  

Custom permission

Android 5.0 prevents the installation of apps if they define a custom permission that is already defined by an existing resident app.

 

Web view

The WebView default behavior was changed to block mixed content. Please do not use: setMixedContentMode..

 

SSL default configuration

Android 5.0 introduces changes to the default TLS/SSL configuration used by apps for HTTPS and other TLS/SSL traffic:

• TLSv1.2 and TLSv1.1 protocols are now enabled
• AES-GCM (AEAD) cipher suites are now enabled
• MD5, 3DES, export, and static key ECDH cipher suites are now disabled
• Forward Secrecy cipher suites (ECDHE and DHE) are preferred

 
Read more →