With Android 7.0 rolling out, Google is starting to talk a little more about what’s under the hood and one of the big features is improved security. As part of the improvements to file systems, fingerprint security and boot options, they’ve also effectively removed the Stagefright vulnerability.
The Stagefright vulnerability – a bug that affects Android’s media play-back engine – first showed up in July last year, its discovery led to monthly security updates for Android such as the one released this morning. The patches are only effective as long as your manufacturer implements them, but in Android 7.0, Google has effectively gotten rid of them. How did they do it?
In Android Nougat, we’ve both hardened and re-architected mediaserver, one of the main system services that processes untrusted input. First, by incorporating integer overflow sanitization, part of Clang’s UndefinedBehaviorSanitizer, we prevent an entire class of vulnerabilities, which comprise the majority of reported libstagefright bugs. As soon as an integer overflow is detected, we shut down the process so an attack is stopped. Second, we’ve modularized the media stack to put different components into individual sandboxes and tightened the privileges of each sandbox to have the minimum privileges required to perform its job. With this containment technique, a compromise in many parts of the stack grants the attacker access to significantly fewer permissions and significantly reduced exposed kernel attack surface.
The Android team also implemented Verified Boot, an improved version of SELinux, Kernel hardening which includes parts that are read-only and APK signature scheme v2 which improves the speed at which an APK can be verified.
So, in other words in Android 7.0 Stagefright is effectively negated by stopping the ways that it overloaded the Android Media Server.
The improved security in Nougat also includes other features like Direct Boot which make your phone faster to boot. Direct Boot means you can access functions like the phone app and your alarm clock before entering your pin while still maintaining a secure system. These features mean you can get calls or get woken up if your phone reboots overnight while charging.
A new encryption system which separates the full-disk encryption introduced in Lollipop into file-based encryption with separate areas including system sand user profile storage. The per-profile encryption allows basic usage before pin entry, with developers able to allow basic app usage on an opt-in basis. Of course once you enter your pin, you can use it fully.
Google has also implemented new app permissions in Nougat, which lets them control which apps access the file systems and networks. There is also improvements on permissions security.
Lastly the update process gets a lot better with a dual-partition system that lets updates be installed in the background on one partition, with the phone switching to the updated partition on the next boot. And a bonus for those sick of the ‘Optimising Apps’ dialogue after updates, with the new JIT compiler, you won’t see this any longer.
Google is looking to improve still, advising if you have any feedback to contact them at [email protected].
no mention of the fingerprint security improvements?