Android Oreo Improves Security Options

by Tech Mainstream Staff


December 28, 2017



Android Oreo introduces many new security features. The security enhancements include "making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, making Android easier to update, all the way to doubling the Android Security Rewards payouts."

A new hardware feature, Android Verified Boot 2.0 (AVB), part of Project Treble, includes a common footer format and rollback protection for more secure and easier updates. The new OEM Lock Hardware Abstraction Layer (HAL) gives manufacturers options in how they protect whether a device is locked, unlocked, or unlockable. A security module, a physical chip found in the Pixel 2 and Pixel 2 XL, "prevents deriving the encryption key without the device's passcode and limits the rate of unlock attempts, which makes many attacks infeasible due to time restrictions." New GMS devices shipped with Android Oreo are required to use key attestation. New security features have also been added for enterprise-managed devices.

As part of Project Treble, HALs follow the principle of least privilege: they "only have access to the drivers and permissions that are absolutely necessary" and run in a distinct sandbox. This separates platform and vendor code. The removal of direct hardware access from the Oreo media frameworks and the addition of Control Flow Integrity (CFI), a "robust security mechanism that disallows arbitrary changes to the original control flow graph of a compiled binary," have directly heightened security. Seccomp filtering, hardened usercopy, Privileged Access Never (PAN) emulation, and Kernel Address Space Layout Randomization (KASLR) round out the Oreo platform security advancements.

Android Instant Apps run in a restricted sandbox that limits permissions and capabilities. WebView security has also been increased by running it in a separate process, within an isolated sandbox that restricts its resources. Yet another security plus is a set of significant changes to device identifiers that allow users more control.

 
