Google introduced Android 8.0 Oreo in August. Among its many tweaks and features, the most significant changes in the new operating system are meaningful improvements to security. The latest Android version raises security with new device-hardening features such as Project Treble and Verified Boot, as well as system alerts and device permissions. Thanks to these improvements, Android app developers can be more confident about device security and updates on the user's end.
Android Oreo is based on a re-architected framework. Some big changes have been introduced that will doubtless affect users, Android app developers and device manufacturers. According to some security experts in the mobile industry, Google's introduction of Project Treble will prove a major milestone for Google itself, device vendors and users. It has enabled the company to separate the Android OS framework from vendor implementations. This means vendors will be able to push updates to the new Android version without reworking their own implementations, work that takes a long time and delays OS updates.
Almost all device makers add device-specific, lower-level software to their devices. Until now, this software was provided as part of the core OS, which meant that upgrading the core OS also required device makers to rework, rewrite or customise their own software. Now Google has separated the core software from the device-specific software, which means device vendors can provide an OS update as soon as it arrives.
Compartmentalisation through Project Treble
A useful strategy that Google has implemented in Android Oreo via Project Treble is compartmentalisation of the OS. This makes for better management not only of components but also of vulnerabilities. Google's aim is to reduce Android's attack surface.
Through compartmentalisation, Google intends to reduce the attack surface exposed to an app. It is a smarter approach to stopping vulnerabilities like Stagefright.
The old model allowed hackers to achieve remote code execution via MediaServer when they were able to bypass SELinux with chained vulnerabilities. Some changes were made in Android Nougat, where MediaServer functionality was split into several components such as MediaExtractor and MediaDrmServer to prevent format string risks.
While accelerating the compartmentalisation of components, Google has also brought in a bevy of new hardware abstraction layers for the audio, camera and DRM servers inside the media framework.
With the user-space attack surface reduced, the focus of bad guys and researchers alike has shifted to finding vulnerabilities in the Android kernel. To deal with this shift, Android Oreo restricts access to the kernel through a seccomp (short for secure computing mode) filter. It is a security feature that filters system calls to the kernel using a configurable policy. This shuts off unused system calls, which in turn reduces kernel attacks.
Alongside these major advancements, Oreo has better app management and controls, system alerts, a verified boot system and more secure protocols.