Android Police has some details about the new security features that may be introduced with Google's Android 4.2 update. The site analyzed a leaked system dump of an upcoming LG Nexus phone, and discovered that Google is working on several security features, but it's unknown how many of these will be fully implemented (or cut) by the time 4.2 rolls out.
First up is SELinux (Security-Enhanced Linux), a set of kernel add-ons and user-space tools that can be used to limit user programs and system servers to the bare minimum of privileges they need to function. It's basically a lock-down mode that minimizes the potential damage a malicious program can cause. The site says this seems to be an optional mode for security conscious enterprise and government users.
Next they discovered support for "Always-on VPN", a setting to configure the phone to only send data while connected to a VPN, and not when connected over the regular Internet.
The third new security feature discovered by Android Police is "Premium SMS Confirmation", a feature to prevent malicious apps from sending texts to premium numbers and steal your money:
If you're having a hard time reading through the programming junk, the main message says " would like to send a text message to [number], which is a premium SMS short code. Sending a message to this destination will cause your mobile account to be billed for premium services. Do you want to allow this app to send the message?" It's a nice, clear message that will pop up whenever an app tries to send a text to a short code. You're then allowed three options, "Send message," "Don't send," and "Report malicious app."