This Android Security team developer Gian G Spicuzza spoke about what’s new in Android Oreo for security. This next generation smartphone OS is made to be secure for the most personal device in the life of a person with both hardware security support, platform hardening, and process isolation. Device identifier changes join new layers of app security with Android Oreo as well.
Android was updated to include compliance with the IETF RFC 7844 anonymity profile. This means that net.hostname is now empty, and the device DHCP client no longer sends a hostname. Google included a MAC address randomization function in the code to keep devices relatively anonymous when connected to Wi-Fi.
Apps that require a device ID now need to ask for permission. Users must tap OK once more than normal to allow that information to be shared. Developers now need to work with Build.getSerial() API to get Device ID info from users. Both Android ID and Widevine values were made app-specific.
WebView has been split off from the rest of the web browsing code in Android, allowing Android Instant Apps to function securely. WebView supports Safe Browsing for Android Instant Apps, too. Android Instant Apps run in a restricted sandbox made by Google to keep them within the limits the user should most certainly be allowed to control.
Process Isolation and Platform Hardening
Media Stack Hardening in Android Oreo continues the work done to secure the platform on Android Nougat. Control Flow Integrity (CFI) was enabled for all media components, making it extremely difficult for control flow graph attacks to execute their nefarious plans.
Project Treble separates software updates from the final OS-level software they’ll replace, making updates simpler and more user-friendly. This works with the same principles as the sandboxing mentioned above. Platform and vendor-made code are separated to keep each component as controlled as possible.
Support for Hardware Security
This is the part I’m excited about. Android now has much more hardware-level security support than ever before. This expansion runs through the new OEM Lock Hardware Abstraction Layer (HAL) in combination with the devices bootloader. With the Replay Protected Memory Block (RPMB) included in Android code, the data within a stolen phone will remain private, even if the end user decides to reset the phone. The “LOCKED” state of the phone can be stored in RPMB or can be stored in dedicated hardware – this is where the hardware support comes into play, too.
Android supports physical chip security with Android Oreo and future Android updates. With this hardware and Android, the device encryption key cannot be unlocked without the device passcode. The passcode cannot be bruteforce attacked due to the limited number of times the device allows the malicious user to guess.
If that sounds familiar, it very well should. Apple had some massive amount of press on their iPhone hardware security back in February of 2016 with a very similar concept at work. With Android Oreo, manufacturers will be able to run similar hardware-level security for themselves.
More information on Android Oreo security can be found at the official Android Developers Blog at Google. Have a peek at the timeline below for more on the Android Oreo update – and when and how you’ll get it.