Android Pie also
Android Pie, which is the 9th major version of the popular OS was launched earlier this year in March 2018 as a beta version and followed with a full release in July 2018, has seen a slow adoption rate with less than 1% of all Android device on Pie.
Though it is not uncommon for newer versions to take some to be rolled out to existing smartphones, or newer launches, mostly due to issues that take time to resolve and overcome.
Android Pie is also going through that phase. It has faced and overcome issues with battery life.
There are loads of new features, like Adaptive Battery that prioritises apps that you are most likely to use next, improved quick settings menu, notification bar and slicker UI in general. It supports notches natively, ensuring no performance degradation due to custom code developed by OEM and tighter integration, a news gesture-based system as good as iPhone X among others.
However, in this article, we take a look at the improvements in security and privacy features that has been built in the latest edition of Android.
Android Pie focuses on OS Hardening and platform-wide security
Android Pie is by far the most secure Android version till date with
Several platform security features and updates
a) File-Based Encryption (FBE) has been present since Android 7.0, however, it didn’t support external storage configured as adoptable storage, instead, users opting for FBE were forced to use external storage media as traditional storage.
With the latest update, File-Based Encryption has been extended to support external storage media, thus solving a major problem for budget smartphones which usually have low internal storage.
b) The latest update also has metadata encryption to complement File-Based Encryption (FBE), wherever hardware supports it. With metadata encryption, FBE is further secured by encrypting any content that is not encrypted by FBE (such as metadata) using an encryption key, which is further protected by a Keymaster secured by a verified boot.
c) Android Pie supports biometric authentication natively using BiometricPromp API, providing a standardised and optimised method, with a consisted user interface across devices.
d) SELinux Sandboxing protects users from rogue apps trying to gain privileged access and permissions. Each app is segregated using this sandbox and the access phone wide data is controlled using per-app cryptographic authentication.
New updates built in several exploit mitigation
e) Compiler-based security mitigations is updated to handle errors that haven’t been defined and minimise failure impact to ensure the app fails safely, preventing rogue apps from misusing such errors.
f) Control Flow Integrity (CFI) has been enabled by default, to minimise the risk of malwares trying to redirect flow of execution of program by disallowing any changes to original control flow.
g) Expanded scope of Integer Overflow Sanitization to ensure attemps to create numeric values outside of the prescribed range, and related memory corruption attacks are caught early and mitigated
Using harware to increase security
h) Android Protected Confirmation API uses hardware protected UI (Trusted UI) to ensure critical transactions are completed outside of the main mobile system. This API is used to display Trusted UI prompt and request permission using physical means, such as push of a physical button. The process allows apps to complete a sensitive operation using signed messages.
i) StrongBox Keymaster is a hardware abstraction layer (HAL) based Keymaster that resides in hardware security module. This new type of Keystore protects encryption keys using tamper-resistant hardware.
Increased focus on user privacy
j) Limiting access to apps running in the background to resources like camera, microphone, and other device sensors,
k) Backup encryption using the user’s own screen lock mechanism (any of PIN, Patter, or Password) ensures the backed up data remains secret and inaccessible to attackers.
l) TLS by default protects users from web pages that do not encrypt web traffic, ensuring users don’t lose their personal information such as password, financial information, credit cards, etc. There is also built-in support for DNS over TLS protecting the information about IP addresses visited and other information being sniffed on the network.
The security aspect trumps minor issues with Android Pie
While there are small issues that will continue to be fixed and patched by the Android community, the security aspect and upgrades makes it important enough to upgrade immediately.