With that in mind, first comes Security-Enhanced Linux (SELinux). The kernel add-ons makes it so that apps don’t have access to all files. You can pick from three options from SELinux: Disabled, Permissive and Enforcing. Permissive will log apps activity but won’t actually block apps root access and Enforcing does just that - blocking apps for maximum safety. This will bring almost desktop-like security options to Android, and with so many reports (true or not) about malware on the platform, it’s most definitely good news.
Secondly, the code mentions VPN lockdown. This is a change from the current model that allows data to be sent over regular connection when users sign out of a VPN network, and that won’t be possible with this new feature.
Finally, and probably most importantly, Android gets itself effectively rid of SMS scam schemes. How? Some apps work undercover sending paid text messages to select numbers without letting you know about it. You’d still have to pay hefty sums for those texts. Now, Google will simply detect whenever an app sends such a message and put out a message right away to warn you.
All of those seem like that extra coating of security Android needs, and shows how quickly the mobile OS is advancing and approaching desktop-like level.
source: Android Police