With Google starting the rollout of its Android 7.0 Nougat to Nexus devices, the company this week reviewed some of the security enhancements it has incorporated in the mobile operating system.
Key among them are a new direct boot mode, a hardened media stack, improvements to the way Android handles Trusted Certificate Authorities, stricter enforcement of an existing verified boot feature and updates to the Linux kernel.
Also new with the operating system is an improved software update process that allows for security patches to be delivered over the air and installed on a user’s device without any user action or interruption.
Google started shipping Android 7.0 Nougat about two weeks ago. The company’s range of Nexus devices and its Pixel C tablet and General Mobile 4G smartphones will receive the new operating system first. Over the next few months, other handset makers are expected to incorporate the operating system on their devices as well. LG, one of the biggest manufacturers of Android smartphones in the world, is expected to be the first among them. The company has said that its new LG V20 smartphone, slated to ship this quarter, will come preinstalled with Nougat.
One of the most significant differences that users will see with the new Android version is their access to the phone app, alarm and messaging apps even before they type their PIN, password or pattern. The new direct boot capability in Android 7.0 ensures that the operating system is fully functional at boot time even as private application data remains encrypted and access to it limited until a password, PIN or pattern is entered.
“With this new encryption scheme, the system storage area, as well as each user profile storage area, are all encrypted separately,” said Xiaowen Xin, a member of the Android security team, writing in Google’s Security Blog this week.
Unlike the full-disk encryption on previous versions of Android, the more granular encryption support in Nougat allows devices to reboot into a normal functioning state by using just the device keys, Xin said. Starting with Nougat, Google will also begin requiring all Android devices to use trusted hardware modules for storing cryptographic keys as an added measure of protection against brute force attempts to bypass a user’s password, PIN or pattern.
With Android 7.0, Google has rearchitected and hardened the mediaserver component in Android, the source of the numerous critical libstagefright bugs reported over the past one year. Google has introduced what it describes as an integer overflow sanitization feature in Nougat that is designed to quickly shut down mediaserver-related processes when an integer overflow is detected. Google has also put the different components of its media stack into separate modules and tightened the permissions associated with each module to limit the overall attack surface of its mediaserver component, Xin said.
Meanwhile, an updated Verified Boot function in Nougat ensures that compromised devices are strictly prevented from booting so as to minimize risk to devices and applications. Earlier this year, Google also added new memory protections and attack surface reduction measures at the Android Linux kernel level to improve the overall integrity of the platform.