Android Oreo Improves Security Options

by Tech Mainstream Staff


December 28, 2017


Android Oreo Improves Security Options


With the arrival of Android Oreo, many new security features have been introduced. Among the security enhancements, "making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, making Android easier to update, all the way to doubling the Android Security Rewards payouts."

A new hardware feature, Android Verified Boot 2.0 (AVB), part of project Treble, includes a common footer format and rollback protection for more secure and easy updates. The new OEM Lock Hardware Abstraction Layer (HAL) allows manufacturers options on how they protect whether a device is locked, unlocked, or unlockable.

A security module, a physical chip found in Pixel 2 and Pixel2 XL, which "prevents deriving the encryption key without the device's passcode and limits the rate of unlock attempts, which makes many attacks infeasible due to time restrictions." New GMS devices Android Oreo shipped with Android Oreo are required to use key attestation. New security features have also been added for enterprise-managed devices

Part of Project Treble, HALs following the principle of least privilege, "only have access to the drivers and permissions that are absolutely necessary" and run in a distinctive sandbox. This separates platform and vendor code.

Removal of direct hardware access from Oreo media frameworks and Control Flow Integrity (CFI), a "robust security mechanism that disallows arbitrary changes to the original control flow graph of a compiled binary," have directly heightened security. Seccomp filtering, Hardened usercopy, Privileged Access Never (PAN) emulation, Kernel Address Space Layout Randomization (KASLR) round off the Oreo platform security advancements.

Android Instant Apps, which involves apps running in a restricted sandbox which limits permissions and capabilities. WebView security has also been increased by running it in a separate process and within an isolated sandbox that restricts its resources. Yet another security plus is the significant changes to device identifiers allowing users more control.

 

TECH IN A SECOND

2-25-21 Google says it’s working to get ‘Hey Google’ working on Wear OS again

2-25-21 Here's a list of the phones that were shipped the most last year. Can you guess which one is on top?

2-25-21 PS5 is again in stock at Target

2-25-21 RTX 3060 Listings Flood U.S. Retailers, With Prices Up to $629

2-24-21 Sony Electronics Launches FX3 Full-Frame Camera for Cinematic Look and Enhanced Operability for Creators

2-24-21 HP is buying gaming accessory brand HyperX for $425 million

2-24-21 Oppo's fancy Find X3 smartphone may have leaked online

2-24-21 Samsung will give you 100 days to try a Galaxy Z Fold 2 or Galaxy Z Flip 5G

2-23-21 iPhone 13 rumors: Apple could be adopting another feature Android has had for years

2-23-21 Samsung now updates Android for longer than Google does

2-23-21 LinkedIn is down so you can’t add anyone to your professional network

2-23-21 Anker beats Apple to market, new iPhone 12 MagSafe-compatible battery pack now available

2-23-21 Huawei’s new $2,800 foldable phone copies Samsung’s Galaxy Fold line

2-23-21 Sony is working on a new PlayStation VR headset for PS5

2-22-21 Perseverance rover beams back images from Mars after historic landing

2-22-21 Samsung's leaked concept videos may show its vision for AR glasses

2-22-21 Microsoft Word is getting text predictions next month

2-22-21 Alexa-enabled printer, Amazon’s first product from Kickstarter-like program Build It, hits preorder goal

2-22-21 3 things Android 12 can do that Android 11 can't

2-22-21 Apple Surpassed Samsung as World's Largest Smartphone Maker in Fourth Quarter

2-22-21 30,000 Macs infected with new Silver Sparrow malware

2-22-21 Samsung begins rolling out potentially life-saving smartwatch update

2-21-21 Samsung Galaxy Tab S7 Lite and A7 Lite tipped for a June launch

2-21-21 Apple Spring event is coming — but when will we see new iPad Pro, iPad mini 6 and AirTags?

2-21-21 WhatsApp to move ahead with privacy update despite backlash

2-21-21 iPhone 12 Pro Max vs. Galaxy S21 Ultra: Apple's and Samsung's luxe phones compared

2-20-21 Perseverance beams back first images of Mars

2-20-21 Samsung's future smartwatch is rumored to use Android, not Tizen

2-20-21 Ranked: Best browsers for privacy

2-20-21 New malware found on 30,000 Macs has security pros stumped

2-20-21 This is our first look at Android 12’s wallpaper-based theming system

2-20-21 Israel’s first university-made nanosatellite launches into space

2-19-21 Apple Updates Platform Security Guide, Says Kernel Extensions Won't Be Supported on Future Apple Silicon Macs

2-19-21 iOS 14.5 is on the way. What we know about a release date and new features

2-19-21 Stacked widgets and a new look for the lock screen may be coming to Android 12

2-18-21 Android 12 might finally solve one of the most annoying smartphone problems

2-18-21 LG Reportedly Assisting Apple on Foldable Display Development

2-18-21 Tim Cook says Apple is working on something that will be even bigger than the iPhone

2-18-21 Apple's M1 Mac Mini falls to an all-time low of $600 on Amazon

2-18-21 Apple TV now available on Chromecast with Google TV

2-18-21 Microsoft’s next major Windows 10 update focuses on improving remote work

2-18-21 Samsung’s One UI 3.1 update brings select Galaxy S21 features to older Samsung phones