Android has had its security issues since the inception of the platform. Just in the last couple of months, we have seen various malware attacking the Android ecosystem. There was the extremely dangerous “BankBot” malware which targeted banking transactions of unsuspecting victims, and then there was one which turned your Android device into a cryptocurrency mining machine.
Although there are steps which users can take to protect their device against malware, it would have been better if Android system was so secure that users didn’t have to worry about malware attacks.
It seems that Google is realizing this fact, as the company has been releasing security updates for its Android platform quite vigorously. In a blog post published on their Android developers blog, Google had this to say,
“Over the past few months, we’ve covered how we’ve improved the security of the Android platform and its applications: from making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, making Android easier to update, all the way to doubling the Android Security Rewards payouts.”
Apart from the above-mentioned security updates, the launch of Android Oreo has helped Google to double-down on the security aspects of the Android platform. Here are the main security features along with the new security features introduced by Google with Android Oreo:
- Google Introduced a new version of its Verified Boot with the support for Android Oreo and Project Treble. Dubbed as the Android Verified Boot 2.0 (AVB), it has a couple of cool features to make updates easier and more secure, such as a common footer format and rollback protection.
- According to Google, Oreo also includes the new OEM Lock Hardware Abstraction Layer (HAL) that gives device manufacturers more flexibility for how they protect whether a device is locked, unlocked, or unlockable.
- Google is also focused on the importance of hardware-based security systems. It said that its Pixel 2 devices come with a security module which makes the phone resistant to physical penetration attacks.
- Any new device which is shipping with Android Oreo is required to implement “Key Attestation” which provides a mechanism for strongly attesting IDs such as hardware identifiers.
All these features along with speedy Android updates and security updates delivery made possible by Project Treble will make Android a far secure platform than it was ever before. I do believe that Google is working hard to fight the age-old security problems of Android, that said, will it win the fight or not is a question which can only be answered in the future.