- Android Pie brings a rich set of new security and privacy-enhancing features.
- Android developers have implemented this type of new systems across all areas of the OS’s functionality.
- Android Pie users will be harder to exploit by malicious apps and websites.
Android Pie, the ninth major update of the Android operating system is slowly finding its way to mobile devices around the world, with adoption rates to rise in 2019. Android developers figured that now it was a good time to summarize some of the most prominent security and privacy features that they implemented in the latest Android version this year, sharing its strengths against previous versions and hopefully speeding up its spread to the userbase. Here are the main ways through which Android developers have strengthened Pie in terms of security:
- In Pie, the “File-Based Encryption” that was introduced in Android 7.0 has been updated to support external storage media as well. This extends the encryption to elements such as directory layouts, file size data, user group permissions, etc.
- With the rise of biometric authentication systems, the Pie brought a new “BiometricPrompt API” that allows developers to implement the relevant systems with coherence to the overall UI experience.
- On the front of the “Application Sandbox”, the developers have added a stronger security layer using SELinux, protecting the OS against overriding attempts by malicious apps by implementing a per-app cryptographic authentication to the sandbox.
- A new security mechanism called “Control Flow Integrity” has been implemented and activated by default in Pie, protecting the users against NFC and Bluetooth exploitation.
- The compiler-based security mitigations have been updated to manage the failing process of runtime operations that showcase undefined behavior.
- Finally, the memory corruption and malicious integer operations that can lead to the stealing of data by malicious parties will be harder on Android Pie, as the developers have implemented a new security system that processes such inputs before approving them, called “Integer Overflow Sanitization”.
- Protection of private keys in Pie now comes with the new “StrongBox Keymaster” that is a component of the hardware security module. The new security module comes with a tamper-resistant packaging, uses a dedicated processor and storage, and features a true random number generator for the generation of more secure keys.
- A new API named “Android Protected Confirmation” makes use of the Trusted UI to carry out transactions out of the OS framework, allowing developers to implement high-protection user approval interfaces.
- Better protected and encrypted backup data that sits behind a passcode so attackers and apps cannot access it.
- Android Pie comes with a new approach in relation to the access that apps can have to the camera, microphone, and the sensors of the device, so new permission groups have been added to allow developers for a more targeted permission screen.
- MAC address randomization has been added in order to enhance privacy when connecting to a Wi-Fi network.
- Support for DNS over TLS has been added to the Pie, automatically converting HTTP traffic to encrypted HTTPS if the server supports it.
Are you happy with the security insights that Android Developers have announced for the Pie version? Let us know in the comments section below, and don’t forget to subscribe on our socials on Facebook and Twitter to stay in tune with all that is going on in the tech world.