It’s only four days before Christmas and you’re probably done planning your menu. So what’s for dessert? Don’t go with the usual cake. Go for something special as Pie à la mode. Well, we won’t teach you how to make one but we’re serving you a different kind: Android Pie à la mode. The Android developers have just posted security and privacy details of Android 9 Pie. The new OS has been around for months but we don’t know everything about it.
The Android 9 Pie is described as more secure than ever, thanks to several anti-exploitation techniques and a hardened platform. The Android team was able to make major changes in Android Pie including upgrading File-Based Encryption to provide support for external storage media.
A BiometricPrompt API was presented so biometric authentication is allowed. The look is more standardized and authenticating is more reliable now.
When it comes to anti-exploitation enhancements, Android Pie expands security mitigations and enables by default the Control Flow Integrity (CFI) security mechanism.
The Android devs also implemented the Integer Overflow Sanitization to work on information disclosure vulnerabilities and memory corruption.
Google has invested heavily in hardware-backed security and continues to look into possible vulnerabilities. A mobile OS API–Android Protected Confirmation– was introduced to start critical transactions.
Other privacy enhancements introduced include the StrongBox Keymaster, limited access to background apps, new permission rules and permission groups, MAC address randomization, new defaults for Network Security Configuration, and DNS over TLS support.
SOURCE: Android Developers Blog