With Android P, Google Stops Playing Catch-Up on Security
I've attended many Google conference sessions about Android security over the years and, for the virtually function, they focused on how well Google secures the globe's largest operating organisation. Only while execs talked well-nigh how Android had a different philosophy than a certain unnamed and more closed mobile Bone, they rarely directly addressed the pervasive belief that Apple tree is improve at security.
Google I/O 2022 was different. After the familiar discussions near philosophy and comparing the likelihood of downloading a dangerous Play Store app to being hit by lightning, things got measurable.
"The protective powers of Android is on par with whatever other platform," declared Dave Kleidermacher, Google's lead for mobile security.
To demonstrate that, he showed how the percentage of dangerous installations from the Play Shop went from extremely pocket-size to vanishingly tiny over time. Unsafe installations from outside the Play Store take dropped as well.
Kleidermacher attributed this to locking down permissions in the operating system and APIs, as well as investments in malware detection. For years, Google has been able to detect and track potential malware threats even when the user gets their apps from third-party stores. This has been a long-running project for Google, and highlights that about all malicious apps come from outside Google Play.
The all-time way to guard against attacks is to brand information technology expensive. "Nosotros work really hard to...make Android more difficult and more expensive to exploit," said Kleidermacher.
To demonstrate, he showed that the payouts for bug bounties and Pwn2Own competitions put a loftier toll on critical Android exploits. Similarly, Google has heard anecdotally that Android exploits for sale on the dark web have profoundly increased in price, Kleidermacher said.
"Lots of people want to purchase exploits," he said. "As exploits get more than difficult, the police force of supply and need says the price goes up."
Pushing Forward
Building from this, Kleidermacher outlined how Android P will allow the OS to be used for things previously thought likewise sensitive to trust to any mobile device—let alone an Android-powered one.
"Nosotros don't vote for prime minister from our phones," said Kleidermacher. "It'south our goal to break through that ceiling."
Fundamental to that is Android Protected Confirmation. These are confirmation screens handled by a sequestered Trusted Execution Environment (TEE), and tin be used to become secure verifications from a user. The TEE runs separate from the operating system, keeping information technology rubber from attack and manipulation. When a user is prompted to confirm an action, a screen appears instructing the user to press the power button to verify that information technology'southward indeed what they desire. The input, said Kleidermacher, is guarded in the TEE and signed past a cryptographic key that never leaves that secure surface area.
"Even if you had root level malware, the integrity of this code could not be corrupted," he said.
Protected Confirmation could be used to verify critical requests. On stage, nosotros saw examples from Duo Security and Royal Bank of Canada that used Protected Confirmations to verify logins and person-to-person coin transfers.
Most dramatic, however, was an insulin pump from Bigfoot Biomedical. A user tin can view their current insulin levels in Bigfoot's app, and and so select how large an insulin dose they want to receive. A Protected Confirmation screen appears, and if the user agrees by borer the power button, the pump will administer the insulin. The level of trust required to operate not but a medical device, but one that could actually injure or kill someone, is enormous. And Google seems to think that fourth dimension has come.
Some Strings Attached
The TEE is critical to making Protected Confirmations work, and that requires specific hardware. "Secure hardware is a huge focus area for us, because it can provide defenses to attacks that software lonely cannot handle," explained pb security product manager Xiaowen Xin.
This means some of the new security functions in Android P will require more just a device that runs a particular operating system, simply with specific hardware equally well. For instance, Kleidermacher told the audition that Google partnered with Qualcomm to ensure that its next-generation chipset volition have the Protected Confirmations API built-in.
Digital and Physical Privacy
Involvement in individual security has been running high in the wake of the Cambridge Analytica scandal, in which the data from millions of Facebook users was hoovered upward and perhaps used to target ads during the US election. Android volition exist addressing privacy in a few ways with Android P.
For one, P introduces Lock Down Mode, whereby your phone will no longer brandish notifications and non accept any class of biometric login. Only your Pin tin can reactivate the device. This is to guarantee security in a state of affairs when your device is out of your hands, like at a US border crossing. As we've seen, in that location'south niggling privacy available in this specific setting and biometrics, while convenient, are easier for constabulary enforcement to hogtie yous to supply.
Xin also explained that apps in the background will no longer be able to access the microphone, camera, or phone sensors. Apps can still get this information, but have to put some kind of persistent notification forwards and so users know exactly what has admission to their information and when.
Android P will too include TLS by default, which secures information while in transit. Any Android P device will require TLS regardless of the app transmitting data. That's important, because non all the features of Android affect apps that target older versions of the operating system. That's not truthful, at least for TLS.
Similarly, Xin talked almost how Android P volition be the first major OS to take DNS over TLS built in. Working with the Jigsaw squad, which created the DIY Outline VPN, this characteristic makes sure your data is securely delivered to a DNS resolver. A DNS resolver is basically a phone book for the spider web, which turns human readable URLs into machine-friendly IP addresses. By looking at DNS requests, ISPs and others can track your movements beyond the web. Not anymore with Android P.
Securing Keys and Biometrics
Google introduced native support for biometric login quite some time agone, merely this was limited to merely fingerprints. This was fine at the time, but new devices are using more than merely fingerprint scanners to identify users, Xin pointed out.
Android P will include a new Biometric Prompt that will identify what biometrics are available on the device, and automatically choose an appropriate option for the user. This new universal prompt would even piece of work with phones that have fingerprint readers embedded nether the screen, raising a tantalizing possibility for time to come Android hardware.
Additionally, the Android version of Chrome will support WebAuthn and FIDO2. The applied upshot, explained Xin, is that users will exist able to use their fingerprint to log in to websites through the browser.
Critical to expanding the employ cases for phones is creating and securing cryptographic keys in a tamper-proof environment. Xin described the fries in payment cards as the gold standard for verifying in-person transactions. Google hopes to emulate that same assurance with the next version of Android.
"With Android P, nosotros're now exposing APIs and so more applications on Android can take reward of this tamper-proof hardware," Xin said.
That hardware is essential for a new encryption key store called Strongbox. Xin said this volition be like a secure element, and have isolated CPU, RAM, and secure storage. Past emulating that gold standard, Xin said services like Google Transit could allow you to safely and confidently pay for a subway ride using a phone.
Strongbox will likewise be used for keybound keys, which are used to encrypt information on the device, and decrypt it just when the device is unlocked. The life of those keys, said Xin, is tied to the lockscreen. So, every bit always, use your dang lockscreen.
Android P will also expand on cryptographic key attestations kickoff introduced in Android Oreo. This allows apps to get critical information about the security of the device, the integrity of its keys, and whether it has been tampered with. For example, you could at present get bit-for-bit verification of the OS and ensure that it's a safe version.
Looking Forrad
Google has spent years making Android more secure, and it seems to exist paying off. Not only tin Google claim that it is coming together the competition on security, it is boldly proposing uses for phones that were unimaginable earlier. Whether that comes to laissez passer, and if Android can really move past a sometimes iffy security reputation, will depend as much on convincing the earth to trust it as much providing new technology.
Source: https://sea.pcmag.com/alphabet-outline/21079/with-android-p-google-stops-playing-catch-up-on-security
Posted by: fawcettanob1951.blogspot.com
0 Response to "With Android P, Google Stops Playing Catch-Up on Security"
Post a Comment