Chiang Mai Computer Club

Android "Q": Google Moves Android Security Forward Significantly


Post by bdahm Fri May 24, 2019 11:37 am

Note: Steve Gibson, security guru, is impressed by the significant advances Android has made in Security. The one mentioned below is just one of those. There's some good news and some not so good news, however. You will not be able to take advantage of the benefits from this development unless you purchase Android hardware that comes with Android "Q" already installed. For some people that means they won't see it until they purchase a new device. For most people, that will be a bit of a wait. Comments below as reported in Steve Gibson's podcast, "Security Now".

Android “Q”
With "Q", Google moves Android security forward significantly:
From Google I/O: 14 Android OS modules to get over-the-air security updates in real-time
Google announces a new way for delivering Android security updates for core OS components.


Stephanie Cuthbertson, Senior Director for Android: "Your regular device gets regular security updates already but you still have to wait for the release, and you have to reboot when they come. We want you to get these faster. Even faster. And that's why in Android Q we're making a set of OS modules updateable directly over the air, so now these can be updated individually as soon as they're available and without a reboot of the device."


In a project known internally as Project Mainline, Google's developers have spent the past year working to split several OS core components into separate OS modules. These modules, despite encompassing a core service of the Android OS, will work like Android apps which are able to receive security updates on-the-fly through the Google Play Store.
Once a security update is available, Google says it will push the update to all devices supporting this mechanism. The device will stop that particular OS component, apply the update, and restart the component without having to shut down the rest of the OS.


The 14 modules that can be updated in this fashion are: ANGLE, APK, Captive portal login, Conscrypt, DNS resolver, Documents UI, ExtServices, Media codecs, Media framework components, Network permission configuration, Networking components, Permission controller, Time zone data and Module metadata.
They are all internal core services, so lacking any user-facing surface. But they are often the components that are the most security troubled.


The Verge, who did some reporting on this, learned that individual device makers will be able to opt out of using this new feature (but why would they?). As would be expected, Mainline is only supported on Android Q, and only handsets that will be shipping with Android Q installed by default will be able to use it. Devices running previous versions of Android which are then updated to Q will not be able to use Mainline's on-the-fly upgrade features.
Android Q devices where the phone maker chooses for whatever reason not to support the Mainline features will continue to receive whole-system security updates in the traditional fashion -- in one big update, either over-the-air from the phone maker or mobile carriers.


Besides this improved system for security updates, Android Q also comes with 50 other improved privacy and security features, which Cuthbertson described as the main focus of this release.


This includes support for TLS v1.3, MAC address randomization, increased control over location data, and support for new more granular settings allowing users to check which apps have access to a particular permission -- providing the option to revoke an app's access if desired.


What’s New in Android Q Security / Last Thursday the 9th
https://android-developers.googleblog.com/2019/05/whats-new-in-android-q-security.html?linkId=67173930


Encryption
Storage encryption is one of the most fundamental (and effective) security technologies, but current encryption standards require devices have cryptographic acceleration hardware. Because of this requirement many devices are not capable of using storage encryption. The launch of Adiantum changes that in the Android Q release. We announced Adiantum in February. Adiantum is designed to run efficiently without specialized hardware, and can work across everything from smart watches to internet-connected medical devices.


Our listeners will recall from our coverage of this back at the start of February that "Adiantum" uses the ChaCha20 stream cipher in a secure length-preserving mode. AES does not perform well on processors lacking some hardware support for it (Intel has added specific enhancements called AES-NI - for "New Instructions"). The bit-level manipulations required by AES require the use of many simple instructions. But ChaCha20 only uses basic instructions that are fast on all processors. This makes it an ideal cipher for lower-end systems.


Our commitment to the importance of encryption continues with the Android Q release. All compatible Android devices newly launching with Android Q are required to encrypt user data, with no exceptions. This includes phones, tablets, televisions, and automotive devices. This will ensure the next generation of devices are more secure than their predecessors, and allow the next billion people coming online for the first time to do so safely.


However, storage encryption is just one half of the picture, which is why we are also enabling TLS 1.3 support by default in Android Q. TLS 1.3 is a major revision to the TLS standard finalized by the IETF in August 2018. It is faster, more secure, and more private. TLS 1.3 can often complete the handshake in fewer roundtrips, making the connection time up to 40% faster for those sessions. From a security perspective, TLS 1.3 removes support for weaker cryptographic algorithms, as well as some insecure or obsolete features. It uses a newly-designed handshake which fixes several weaknesses in TLS 1.2. The new protocol is cleaner, less error prone, and more resilient to key compromise. Finally, from a privacy perspective, TLS 1.3 encrypts more of the handshake to better protect the identities of the participating parties.


Platform Hardening
Android utilizes a strategy of defense-in-depth to ensure that individual implementation bugs are insufficient for bypassing our security systems. We apply process isolation, attack surface reduction, architectural decomposition, and exploit mitigations to render vulnerabilities more difficult or impossible to exploit, and to increase the number of vulnerabilities needed by an attacker to achieve their goals.


[ I like the phrasing of that. It's a sober and realistic expression of the truth of the challenges facing any highly-targeted platform. And Android is arguably the #1 most targeted platform in history. ]
In Android Q, we have applied these strategies to security critical areas such as media, Bluetooth, and the kernel. We describe these improvements more extensively in a separate blog post, but some highlights include:

  • A constrained sandbox for software codecs. (We'll be focusing upon that detail in a second)
  • Increased production use of sanitizers to mitigate entire classes of vulnerabilities in components that process untrusted content.
  • Shadow Call Stack, which provides backward-edge Control Flow Integrity (CFI) and complements the forward-edge protection provided by LLVM’s CFI.
  • Protecting Address Space Layout Randomization (ASLR) against leaks using eXecute-Only Memory (XOM).
  • Introduction of Scudo hardened allocator which makes a number of heap related vulnerabilities more difficult to exploit.


Authentication
Android Pie introduced the BiometricPrompt API to help apps utilize biometrics, including face, fingerprint, and iris. Since the launch, we’ve seen a lot of apps embrace the new API, and now with Android Q, we’ve updated the underlying framework with robust support for face and fingerprint. Additionally, we expanded the API to support additional use-cases, including both implicit and explicit authentication.


In the explicit flow, the user must perform an action to proceed, such as tap their finger to the fingerprint sensor. If they’re using face or iris to authenticate, then the user must click an additional button to proceed. The explicit flow is the default flow and should be used for all high-value transactions such as payments.
Implicit flow does not require an additional user action. It is used to provide a lighter-weight, more seamless experience for transactions that are readily and easily reversible, such as sign-in and autofill.


Another handy new feature in BiometricPrompt is the ability to check if a device supports biometric authentication prior to invoking BiometricPrompt. This is useful when the app wants to show an “enable biometric sign-in” or similar item in their sign-in page or in-app settings menu. To support this, we’ve added a new BiometricManager class. You can now call the canAuthenticate() method in it to determine whether the device supports biometric authentication and whether the user is enrolled.


What’s Next?
Beyond Android Q, we are looking to add Electronic ID support for mobile apps, so that your phone can be used as an ID, such as a driver’s license. Apps such as these have a lot of security requirements and involve integration between the client application on the holder’s mobile phone, a reader/verifier device, and issuing authority backend systems used for license issuance, updates, and revocation.


This initiative requires expertise around cryptography and standardization from the ISO and is being led by the Android Security and Privacy team. We will be providing APIs and a reference implementation of HALs for Android devices in order to ensure the platform provides the building blocks for similar security and privacy sensitive applications. You can expect to hear more updates from us on Electronic ID support in the near future.


SO..... This is all great news for the most-used operating system platform in the world... But what I really want to know is what dessert "Q" is going to be???


-Bill 

bdahm
Admin

Posts : 682
Join date : 2009-05-15
Age : 81

http://www.tinyurl.com/thaijournal
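
The canAuthenticate() check and the explicit/implicit flows from the Authentication part of the post, as an added Java example (not from the post, the podcast notes or Google's blog). The class name `BiometricGate`, its method names and the prompt strings are hypothetical; it assumes API level 29 and the USE_BIOMETRIC permission in the manifest.

```java
import android.content.Context;
import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.BiometricPrompt;
import android.os.CancellationSignal;

// Added example: BiometricGate and its methods are hypothetical names.
public final class BiometricGate {

    /**
     * Decide whether to show an "enable biometric sign-in" item at all.
     * True only when a sensor exists, is usable now, and the user is enrolled.
     */
    public static boolean shouldOfferBiometricSignIn(Context ctx) {
        BiometricManager bm = ctx.getSystemService(BiometricManager.class);
        if (bm == null) {
            return false; // service not present on this device
        }
        switch (bm.canAuthenticate()) {
            case BiometricManager.BIOMETRIC_SUCCESS:
                return true;
            case BiometricManager.BIOMETRIC_ERROR_NONE_ENROLLED: // sensor, no enrollment
            case BiometricManager.BIOMETRIC_ERROR_NO_HARDWARE:   // no sensor
            case BiometricManager.BIOMETRIC_ERROR_HW_UNAVAILABLE: // sensor busy or off
            default:
                return false; // fail closed: fall back to password or PIN
        }
    }

    /**
     * Start a prompt. highValue=true keeps the explicit flow (the default),
     * so a passive face or iris match still needs a confirming tap;
     * highValue=false requests the implicit flow for easily reversible
     * actions such as sign-in. The system treats this as a hint.
     */
    public static void startPrompt(Context ctx, boolean highValue,
                                   BiometricPrompt.AuthenticationCallback callback) {
        BiometricPrompt prompt = new BiometricPrompt.Builder(ctx)
                .setTitle("Confirm it's you")            // constructed sample text
                .setNegativeButton("Cancel", ctx.getMainExecutor(),
                        (dialog, which) -> { /* user chose the fallback path */ })
                .setConfirmationRequired(highValue)
                .build();
        prompt.authenticate(new CancellationSignal(), ctx.getMainExecutor(), callback);
    }
}
```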
