Android Oreo has been coming to numerous mobile devices the past few weeks. Before 2017 ends, OEMs have been busy rolling out their Oreo updates. This week alone, there’s ZTE for the Axon 7, beta for the Nokia 6, and another beta for the Samsung Galaxy S8. The Android developers have just shared the good news the next Oreo update includes more enhancements focusing on security. This means the networks will be more secure, more apps will be safer, and users have more control.
The Android team has dropped those insecure network protocols while kernels are hardened. Devs promise Android will be easier to update now. Payouts for Android Security Rewards have been doubled as well.
Hardware security for the platform is getting expanded support. The update includes a new reference implementation for Verified Boot. The Android Verified Boot 2.0 (AVB) makes future updates more secure and easier. It’s actually made possible by saving the updated OS using a special hardware or having the Trusted Execution Environment (TEE) sign data.
Android 8.0 also now features an OEM Lock Hardware Abstraction Layer (HAL). This allows OEMs more flexibility on how to protect their own devices. Google has invested support in tamper-resistant hardware. This has been ready on the Pixel 2 and 2 XL but other Oreo devices may need to implement key attestation.
For work-managed Android phones, enterprise data are made more secure by having encryption keys ejected from RAM when an admin locks the profile remotely or when a profile is off.
Improving Android security is also made possible by separating platform and vendor-code. Direct hardware access has been removed from media frameworks while Control Flow Integrity (CFI) has been enabled for media components. Other security enhancements include the following: Seccomp filtering, Hardened usercopy, Privileged Access Never (PAN) emulation, Kernel Address Space Layout Randomization (KASLR).
Android Instant Apps now run sandbox. It’s restricted so transmission, capabilities, and permissions are limited. WebView supports Safe Browsing as it now runs in an isolated sandbox.
SOURCE: Android Developers Blog