Look at the security enhancements included in Android O.
- [Instructor] In Android O, Google has introduced some additional enhancements to make the platform more secure. They come in two categories: ubiquitous changes, which affect all apps running on the platform, and Android O enhancements, which require new capabilities to be invoked. In addition, there are enhancements to the security of native libraries. The first key change is to the startService call, which causes an exception if it's used in a situation where the service will be restricted, which is outside of a geo-fenced area.
Android O now no longer supports SSL version three and, when establishing an HTTPS connection, will no longer fall back to an earlier TLS version. This improves network security. Android O provides a security computing filter to all apps to strengthen its sandbox. This restricts the system calls that an app can make. Seccomp is a Linux feature which enables an app to make a one-way transition into a secure state, and this has been implemented in Android O as a filter rather than a transition.
Web content using WebView is handled in a separate isolated process from the containing app's process, providing enhanced security. Where apps opt out of accepting cleartext, WebView will not be able to connect using HTTP. It will be forced to use HTTPS. Android O apps will no longer be approved for all permissions in a group on the basis of gaining permission for one. All now have to be explicitly requested. Native libraries will no longer be loaded if they are both writable and executable in order to avoid dynamically changing code.
This provides substantial hardening for apps which use native libraries. There are numerous smaller changes in the Android O release affecting the way developers code the request for access and permissions which help to avoid inadvertent mistakes. Android O continues the strategy of continuous improvement of security in the Android platform.
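The native-library rule mentioned in the transcript can be checked before shipping an app by looking for ELF load segments that are flagged both writable and executable. The following is an added example, not part of the course material and not Android's own linker code; `wx_load_segments` and `build_elf64` are hypothetical names, and the sample ELF images are constructed in memory for the demonstration.

```python
import struct

PT_LOAD = 1            # program header type: loadable segment
PF_X, PF_W = 0x1, 0x2  # segment permission bits: execute, write

def wx_load_segments(data: bytes):
    """Return indices of PT_LOAD segments that are both writable and executable."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = {1: False, 2: True}[data[4]]  # EI_CLASS: 32-bit or 64-bit
    end = {1: "<", 2: ">"}[data[5]]      # EI_DATA: little or big endian
    if is64:
        e_phoff, = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        e_phoff, = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
    hits = []
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", data, off)
        # p_flags is at offset 4 in Elf64_Phdr but at offset 24 in Elf32_Phdr
        p_flags, = struct.unpack_from(end + "I", data, off + (4 if is64 else 24))
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            hits.append(i)
    return hits

def build_elf64(seg_flags):
    """Constructed sample: little-endian ELF64 header plus one PT_LOAD per flag value."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 3, 183, 1, 0, 64, 0, 0,
                               64, 56, len(seg_flags), 0, 0, 0)
    phdrs = b"".join(struct.pack("<IIQQQQQQ", PT_LOAD, f, 0, 0, 0, 0, 0, 0x1000)
                     for f in seg_flags)
    return ehdr + phdrs

if __name__ == "__main__":
    clean = build_elf64([PF_X | 4, PF_W | 4])          # R+X text, R+W data
    risky = build_elf64([PF_X | 4, PF_W | PF_X | 4])   # second segment is RWX
    print("clean:", wx_load_segments(clean))
    print("risky:", wx_load_segments(risky))
```

To audit a real library, pass the bytes of the `.so` file extracted from the APK to `wx_load_segments`; a non-empty result identifies the segments that need fixing in the build.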
- Understanding Android OS, app, and hardware security components
- Using the Trusted Execution Environment
- Developing Android apps with security in mind
- Analyzing existing applications
- Understanding Android vulnerabilities
- Securing Android apps
- Developing secure enterprise apps