The upcoming, newest version of Android – still only known as “Android Q” – will have many new and improved protections for user privacy. Google has now also outlined the changes aimed at enhancing the security of the devices running the new OS, as well as the data residing on or traveling to and from them.
In February, Google presented Adiantum, an alternative disk and file encryption mode for low-end Android devices that don’t have enough computation power to use the Advanced Encryption Standard (AES).
“Adiantum is designed to run efficiently without specialized hardware, and can work across everything from smart watches to internet-connected medical devices,” noted Rene Mayrhofer and Xiaowen Xin, of the Android Security & Privacy Team.
“Our commitment to the importance of encryption continues with the Android Q release. All compatible Android devices newly launching with Android Q are required to encrypt user data, with no exceptions. This includes phones, tablets, televisions, and automotive devices.”
For the encryption of data in transit, Android Q will have TLS 1.3 support enabled by default.
“TLS 1.3 can often complete the handshake in fewer roundtrips, making the connection time up to 40% faster for those sessions. From a security perspective, TLS 1.3 removes support for weaker cryptographic algorithms, as well as some insecure or obsolete features. It uses a newly-designed handshake which fixes several weaknesses in TLS 1.2,” they pointed out.
OTA security updates for core OS components
A few days ago, at its annual Google I/O developer conference, Google announced that, starting with Android Q, 14 of Android’s core OS components will be able to receive over-the-air security updates directly from Google (but device makers can decide not to take advantage of this).
To be able to do that, Google engineers had to split the components into stand-alone modules.
Sandboxes for software codecs
Google has been working on hardening existing Android protections. One of the announced changes includes isolating various media components into less privileged sandboxes.
“Most of Android’s vulnerabilities occur in the media and bluetooth components. Use-after-free (UAF), integer overflows, and out of bounds (OOB) reads/writes comprise 90% of vulnerabilities with OOB being the most common,” noted Jeff Vander Stoep, of the Android Security & Privacy Team and Chong Zhang, of the Android Media Team.
Tightly sandboxing these components within constrained processes is a big security improvement.
The company has also implemented a bound sanitizer in 11 media codecs and throughout the Bluetooth stack for Android Q, added integer sanitizers in more places, and added several other tools for preventing common types of vulnerabilities.
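To make the integer overflow and out-of-bounds classes mentioned above concrete, here is an added example (not code from Android or from Google) that writes out by hand the kind of checks a sanitizer enforces at run time. The chunk layout, function names and sample bytes are constructed for illustration, and `__builtin_mul_overflow` assumes a GCC or Clang compiler.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical chunk layout (constructed for this example):
 *   bytes 0-3  entry count (little-endian uint32)
 *   bytes 4-7  entry size  (little-endian uint32)
 *   bytes 8... count * size bytes of payload */
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Unchecked pattern: the 32-bit product wraps silently (defined for
 * unsigned types, but almost never intended). A build with integer
 * overflow sanitization stops at this multiplication instead. */
uint32_t payload_len_unchecked(const uint8_t *buf) {
    return rd32(buf) * rd32(buf + 4);
}

/* Checked pattern: returns 0 and sets *out on success, -1 on a
 * truncated header, an overflowing product, or a payload that would
 * extend past the end of the input buffer. */
int payload_len_checked(const uint8_t *buf, size_t len, uint32_t *out) {
    uint32_t total;
    if (len < 8) return -1;
    if (__builtin_mul_overflow(rd32(buf), rd32(buf + 4), &total)) return -1;
    if (total > len - 8) return -1;
    *out = total;
    return 0;
}

/* Constructed inputs: a well-formed chunk and one whose sizes wrap. */
static const uint8_t GOOD[] = {2,0,0,0, 4,0,0,0, 1,2,3,4,5,6,7,8};
static const uint8_t WRAP[] = {0x01,0x00,0x00,0x40, 4,0,0,0, 9,9,9,9};

int main(void) {
    uint32_t n = 0;
    int rc = payload_len_checked(GOOD, sizeof GOOD, &n);
    printf("good: rc=%d len=%u\n", rc, (unsigned)n);
    printf("wrap: unchecked=%u rc=%d\n", (unsigned)payload_len_unchecked(WRAP),
           payload_len_checked(WRAP, sizeof WRAP, &n));
    return 0;
}
```

In the wrapping input the unchecked length comes out as 4, which matches the bytes actually present, so the header looks valid even though the declared entry count is over a billion; the checked version rejects it.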
Android Q will offer new provisioning and attestation features for company-owned devices, as well as security options.
“On devices with a work profile, IT admins can now block the installation of apps from unknown sources across the entire device, adding additional protections against potential malware in the personal profile. And with the deprecation of Device Admin APIs in Android Q, we’re enabling apps that require a lock-screen to check the quality of screen lock credentials and direct a user to set a stronger passcode,” Google software engineer Alex Kershaw noted.
IT admins will also be able to do things like restrict input devices to work profiles, silently wipe work profiles, exempt apps from lockdown mode (which allows a device policy controller to block any network traffic that doesn’t use the VPN), and more.