So 2015 to 2016 was not a good year for security on the Android platform. Among the list of high profile security issues, it was the Stagefright vulnerability that took center stage. The vulnerability pointed to a soft and unsecure underbelly of the Android media stack, and that was where the hacks could have started – malicious entities pointing to trap websites and malicious media files that when played, could give a hacker access to elevated permissions in your device. A response from Google was needed, and the issue literally birthed the monthly security bulletins from Google. Now they seem to have learned their lessons in implementing better security in Android Nougat.
First up, Google says Nougat will give you a better boot process and better encryption. Before, people who have file encryption enabled in their devices would have to enter their PIN/pattern/password by default during the boot process to decrypt the storage area of their devices and finish booting. With a new feature called Direct Boot, the device’s main features like the phone app or the alarm clock are already running even before the user inputs the PIN.
Android Nougat continues with Marshmallow’s encryption mantra where all capable devices were required to support encryption and use unique trusted hardware keys. Nougat also requires this of all new capable Android devices, and it provides brute force protection while verifying your lock screen credential before hardware keys are applied.
Talking about the media stack, Google had already started the “hardening” of this vulnerable element even within Marshmallow – we talked about this here – and are now applying mediaserver hardening to Nougat. In addition to that, features like Verified Boot and an updated SELinux configuration reduces attack vulnerability.
Lastly, there are app level security measures now in place with Nougat. Apps that share and use data with other apps now must explicitly opt-in by offering their files for inspection through a content provider. Nougat also restricts access to device identifiers such as MAC addresses to prevent apps from sending this unique information out to malicious hackers.
If you want to check the whole announcement, click on the source link below to get in depth information on the security enhancements that come with Android Nougat.
SOURCE: Google
