How Android N addresses security

Google is making three big changes to Android with the coming "N" version.

There are a lot of code changes in Android N. Some things we can see — like the new notifications — and others we can't (but are still pretty massive). We see the same thing with every update: there are refinements and changes in the interface, but under-the-hood adjustments and changes are made to make Android run better, and safer.

We've been playing with the Android N beta, and sat through some sessions at Google I/O (and talked to some of the folks who actually work on things) to learn about the new stuff. That includes new changes to make Android even more secure — seamless updates, hardening of the media server and file-level encryption. Let's talk about what those are, and why they matter.

Seamless updates

Google already does "seamless updates" on Chrome OS, and it works really well. While Google hasn't talked about all the details, it looks like things will be very similar in Android.

Seamless updates will use two separate system partitions. One of them is the system you're running as you use your phone every day. When it's time for an update, the other system partition gets altered and updated, and the next time you reboot you're automatically switched over. The next time there is an update, the other system partition gets changed and you switch back.

That means the work can be done while you're working or playing, and when it is finished all you need to do is reboot normally. You'd be surprised (I was when I heard it), but a pretty large chunk of people don't update their phone because it takes a while. They might have done it once, then sat there waiting, and decided not to do it again. It's easy to dismiss the notification. But by changing the procedure, making updates easier and eliminating the horrible wait time spent staring at the "updating apps" dialog, more people will do it.

Remember — not everyone is a nerd and jumps on an update as soon as they can!

Media Server hardening

Remember Stagefright? While it was blown out of proportion by much of the media, there was a real issue there. Playing a media file that can force you to reboot or lose all audio is a nasty issue, and the fact that (in theory) this could be used to secretly gain root permissions is even scarier. Google takes it very seriously, and we see patches to the media server library every month to try and stay ahead of the bugs and security concerns that come with it.

In Android N, the media server gets a big overhaul. Google has broken up the media server into smaller components that can be updated outside of a full system update — just like they did with the WebView component. This means when they have a new patch you can grab the update from Google Play instead of waiting six months or more for the people who made your phone (Hello, LG) to send the patch out to you.

They have also changed the permission model for the media server, and it no longer has full system permissions. Running with low privileges makes it even harder for anyone to crack into the rest of the system if they do get into the media server. This is a major change, and will make hacking an Android phone (the bad kind of hacking) even harder than it used to be.

File-level encryption

Previously, Android used block-level encryption to encrypt the whole partition or storage device at once. This was a very secure encryption method, and keeping the actual keys out of the storage and in hardware pretty much meant the only way in was with the right password or PIN. With Android N, things have been changed to file-level encryption, combined with the direct-boot feature, for a two-level security scheme.

When your Android device boots up (or reboots in your pocket), the device is encrypted and locked down. Only certain applications can run, and this is called direct-boot mode. It means you can still get phone calls or have an alarm go off (or even see some message notifications), but to do anything more than answer the phone you'll need to unlock and decrypt the device. Once unlocked, N uses file-level encryption to allow us (the user) and applications to have a bit more control over how data is locked up.
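What direct-boot mode means for an app, as an added example (this is not code from the article or from Google): a boot receiver that is allowed to run while the device is still locked, writes only to device-encrypted storage in that state, and waits for the user's unlock before touching credential-encrypted storage. It assumes an app targeting Android N (API 24); the class name, file names and the alarm string are constructed for illustration, and the API calls (`createDeviceProtectedStorageContext`, `UserManager.isUserUnlocked`, `ACTION_LOCKED_BOOT_COMPLETED`) are the real N-era ones.

```java
// Added example, not the article's or Google's own code. Assumes Android N (API 24).
// Class name, file names and the alarm string are constructed for illustration.
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.UserManager;
import android.util.Log;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

/*
 * Manifest entries this receiver needs. directBootAware="true" is what lets it run
 * before the user has unlocked the device; without it the component stays dormant.
 *
 *   <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
 *
 *   <receiver android:name=".BootStateReceiver" android:directBootAware="true">
 *       <intent-filter>
 *           <action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" />
 *           <action android:name="android.intent.action.BOOT_COMPLETED" />
 *       </intent-filter>
 *   </receiver>
 */
public class BootStateReceiver extends BroadcastReceiver {
    private static final String TAG = "BootStateReceiver";

    @Override
    public void onReceive(Context context, Intent intent) {
        String action = intent.getAction();
        if (Intent.ACTION_LOCKED_BOOT_COMPLETED.equals(action)) {
            // Direct-boot mode: the device is up, but credential-encrypted (CE) storage is
            // still locked. Only device-encrypted (DE) storage is readable here, so limit
            // this path to data that is acceptable to expose on a locked device
            // (an alarm time, not a contact list).
            Context deviceCtx = context.createDeviceProtectedStorageContext();
            writeText(deviceCtx, "next_alarm.txt", "07:00");
        } else if (Intent.ACTION_BOOT_COMPLETED.equals(action)) {
            // Delivered only after the user has unlocked, so CE storage is available.
            // The explicit check guards against being invoked out of order.
            if (isUserUnlocked(context)) {
                writeText(context, "sensitive_cache.txt", "data that stays locked until unlock");
            } else {
                Log.w(TAG, "BOOT_COMPLETED received while still locked; skipping CE write");
            }
        }
    }

    /** True once the user's credential has unlocked credential-encrypted storage. */
    static boolean isUserUnlocked(Context ctx) {
        UserManager um = (UserManager) ctx.getSystemService(Context.USER_SERVICE);
        return um.isUserUnlocked();
    }

    /**
     * Writes to the private files directory of the given context. With the default
     * context that is CE storage; with a device-protected context it is DE storage.
     */
    static void writeText(Context ctx, String name, String contents) {
        File f = new File(ctx.getFilesDir(), name);
        try (FileOutputStream out = new FileOutputStream(f)) {
            out.write(contents.getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            Log.w(TAG, "failed to write " + f, e);
        }
    }
}
```

The design choice worth noticing is the split of data, not the code: anything written through the device-protected context is readable as soon as the phone boots, even in a stranger's hands, so an app decides up front which of its data belongs there and keeps everything else behind the user's unlock.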

There are two advantages at play here. First, FDE (block-layer full-disk encryption) makes low-end devices run pretty poorly. It took Google a few tries on the Nexus 6 to get it right, and any device with flash storage slower than 50 MB/s read and write still struggles. The second (and more important) advantage is that using file-level encryption allows for Authenticated Encryption with Associated Data (AEAD). AEAD means that data is harder for an unauthorized user or application to get at, or to alter without detection. For people interested in AEAD, here is a really good read from U.C. Davis professor Phillip Rogaway (.pdf file).
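The property the article attributes to AEAD, shown in an added example (this is not Android's file-encryption code, which lives in the kernel, and not code from the article): AES-GCM from the standard `javax.crypto` API, with the file name bound to the ciphertext as associated data. The key, IV, file name and contents are constructed here for illustration; the point is that a flipped bit, a truncated file or a renamed file is rejected as a unit rather than decrypting to garbage.

```java
// Added example, not Android's or the article's code. Demonstrates the AEAD property with
// AES-GCM from javax.crypto. Key, IV, file name and contents are constructed for illustration.
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class AeadDemo {
    private static final int GCM_TAG_BITS = 128; // authentication tag appended to the ciphertext
    private static final int GCM_IV_BYTES = 12;  // standard GCM nonce size

    /** Encrypts the contents; the file name is authenticated (not encrypted) as associated data. */
    static byte[] seal(SecretKey key, byte[] iv, String fileName, byte[] plaintext)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(fileName.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(plaintext); // ciphertext followed by the 16-byte tag
    }

    /** Decrypts and verifies; throws AEADBadTagException if contents or file name were altered. */
    static byte[] open(SecretKey key, byte[] iv, String fileName, byte[] sealed)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        c.updateAAD(fileName.getBytes(StandardCharsets.UTF_8));
        return c.doFinal(sealed);
    }

    /** Convenience wrapper: true only if the sealed blob verifies under this key, IV and name. */
    static boolean opens(SecretKey key, byte[] iv, String fileName, byte[] sealed) {
        try {
            open(key, iv, fileName, sealed);
            return true;
        } catch (AEADBadTagException e) {
            return false; // tag mismatch: something about the file was changed
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e); // misconfiguration, not tampering
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] keyBytes = new byte[32];
        rng.nextBytes(keyBytes);
        SecretKey key = new SecretKeySpec(keyBytes, "AES");
        byte[] iv = new byte[GCM_IV_BYTES];
        rng.nextBytes(iv); // a GCM IV must never be reused with the same key

        byte[] plaintext = "constructed sample: contact list".getBytes(StandardCharsets.UTF_8);
        byte[] sealed = seal(key, iv, "contacts.db", plaintext);

        // Intact file, correct name.
        System.out.println("intact       : " + opens(key, iv, "contacts.db", sealed));

        // One bit of ciphertext flipped on disk.
        byte[] flipped = sealed.clone();
        flipped[0] ^= 0x01;
        System.out.println("bit flipped  : " + opens(key, iv, "contacts.db", flipped));

        // File truncated by one byte.
        byte[] truncated = Arrays.copyOf(sealed, sealed.length - 1);
        System.out.println("truncated    : " + opens(key, iv, "contacts.db", truncated));

        // Same bytes presented under a different file name (associated-data mismatch).
        System.out.println("renamed file : " + opens(key, iv, "notes.db", sealed));
    }
}
```

Binding the file name as associated data is what makes the scheme resist moving an encrypted file from one path to another: the bytes are unchanged, but they no longer verify under the new name.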

This multi-tiered approach to encryption will allow companies who make very budget-priced Androids to offer encryption without performance degradation. There is also some controversy over metadata being accessible (leaking) while using file-level encryption, so we'll have to wait until the final release of N is in the wild to see how Google handles that.

Will this have any meaningful impact?

These three changes sound great for people with Nexus phones. But what about everyone else? Android is open source and manufacturers can (and do) get a little silly and change things in the code. And there's the matter of updates to consider.

We don't think anyone making or selling Android phones is going to get in and muck with these core changes. Even if they do have the manpower and the specialists needed to do it, there is no reason. If things don't work exactly as expected, we'll know when the updates roll out to Nexus phones and we can wait for the point update. Any issues here will be ironed out by Google and Nexus users long before anyone at Samsung or LG is ready to send out an OTA.

Then there's the matter of updates themselves. While we tend to focus on high-profile phones like the Galaxy S or Note series, and expensive phones from LG or Motorola, the majority of the 1,600,000,000-plus Android phones out there get little to no support from the manufacturers. We get it. It's hard to justify the cost of maintaining a $100 phone that you made very little money from, but it still needs doing if you value your customers. The majority of Android phones sold today probably won't ever see Android N, and the majority of the users probably don't know the importance, or don't care if they do understand. Google can't do anything about this — they provide Android as source code and require just a few things to allow for the use of their services and applications. All Google can do is offer better software with each Android version, and provide monthly security bulletins and patches that manufacturers can incorporate into their own software as sold on the device. It does make a difference for future phone sales — it is no more costly to develop from the current Android version than from an older version — and that means phones sold in 2017 will be more secure than phones sold right now.

For enthusiasts that use "pure" Android phones or top-shelf phones from big name companies like Samsung, these changes will matter and you'll likely see them soon(ish).
