Top 3 Security Features In Android N

Android Security

During Google IO 2016, the search giant has revealed many changes coming to Android N, including improved user interface and under the hood changes, which would make it run faster and more secure. Most important of them are changes to security and here you can read about the three important security features Google is bringing to Android N.

Seamless Updates As Seen In Chromebooks

Android’s biggest strength is it is open source and anyone can make a device running the OS. Unfortunately, it also turns out to be its Achilles heel, as many OEMs who make Android devices fails to update the OS or deliver much needed security features. This results in high fragmentation in the ecosystem and very slow adoption to latest version Android.

For starters, currently Android has close to 1.4 billion active users, but only 7.5 percent of Android devices run Android 6.0 Marshmallow, while 80 percent of Apple devices run the latest iOS 9. This means most of the Android devices are running with various bugs and security related vulnerabilities. Google tried to address this issue by releasing monthly Android security patches. However, these are currently limited to Nexus devices and some high-end smartphones. Google tried to pressure handset makers into updating android on regular basis, but the whole initiative is going nowhere. While some OEMs committed to monthly updates, they have struggled to keep to that schedule for all their phones.

In Android N, Google plans to bring “seamless updates”. The “seamless updates” will use two separate system partitions as primary and secondary. The primary partition is the one you are running as you use your phone every day. When it is time for an update, the secondary system partition updated, and the next time you reboot it will become primary while the other becomes secondary. The next time there is an update, the other system partition is changed, and you switch back.

This also changes how updates are delivered and installed, as many users neglect to bother checking for updates. With the new update system, those patches will be applied in the background, in a sort of isolated instance of the operating system. Once the update is installed, all apps are optimized and on reboot, users will be using the latest version.

Media Server Hardening To Avoid Stagefright Fiasco

Stagefright fiasco made Android look really bad compared to its competitors. Stagefright is the collective name for a group of software bugs, that affect Android 2.2 (“Froyo”) and newer, allowing an attacker to perform arbitrary operations on the victim device through remote code execution and privilege escalation. Google has been trying to address this by releasing monthly Android security patches.

In Android N, the Media Server gets a big overhaul and Google has broken it into smaller components, which can be individually updated without a need for full system update. This means if any new vulnerability or bugs are found, then Google could release a patch through Play Store, instead of waiting months for OEMs and Wireless Carrier to release them.

In addition, the Media Server in Android N runs with low privileges, so even if an attacker exploits a vulnerability, he cannot get access to the rest of the system through privilege escalation. This will be a massive win for users, as it will make hacking an Android phone difficult.

Direct Boot & File-Level Encryption

Currently, Android uses block-level encryption or FDE (block-layer full-disk encryption), in which your entire phone storage is encrypted. It means, every time you reboot your device you are required to enter PIN or password to decrypt the storage before you can use the device. While this is a very secure, it also means that if you reboot your phone, you will not be able to receive any calls, or messages until you enter your password. In addition, low-end devices will perform poorly when encryption is on. Many OEMs disable encryption in low-end devices, sacrificing security for speed.

In Android N, Google uses a different approach by using file-level encryption for Authenticated Encryption with Associated Data (AEAD). AEAD along with the Direct Boot feature brings a two-level security scheme.

With Android N, when your device reboots, the device is encrypted and locked down. Only certain applications can run, and this is called Direct Boot mode. The Direct Boot splits everything into two groups. The first group, Device Encrypted Storage, is a storage location available during Direct Boot and after. Apps and data in this location are able to do things before a user even unlocks the device. It means you can still get phone calls and messages, but to do anything more than answer the phone you will need to unlock and decrypt the device.

The second storage area is the Credential Encrypted Storage. This is where all other apps and your data are stored. This area cannot be accessed until you enter your PIN or password. This means every app that is not in the first group will be completely encrypted and inaccessible until the user logs in. Once unlocked, the file-level encryption or AEAD allows us and applications to have a bit more control over how data is locked up. The presence of AEAD means that data is harder for an unauthorized user or application to access.

By using two-tier approach to security, low-end devices can perform better when encryption is active, meaning OEMs cannot blame sluggishness to disable it. In addition, when your phone reboots in your pocket for some reasons, you will still be able to attend incoming calls without needing to login to your phone.

While Android N brings more features and much needed bug fixes, these three features are what we consider the most interesting and important to improve the security on Android.Please remember that Android N also brings plenty of interesting upgrades to the platform and an improved user interface. We will cover some of them in future articles.

Raja Rajan Avatar

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter




Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesnโ€™t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Googleโ€™s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading