When introducing a new operating system, users tend to focus more on the changes of the appearance or, at best, on its performance. Meanwhile, security features and security improvements are ignored at least by the general user. Although improvements and new security features are often not in the news headlines for a new version of the operating system, they are of great importance. It is so important that can play a key role in deciding to upgrade the current operating system. Here are some of the advantages of the 8th version of the Android operating system, which show that upgrading to this version is a wise task.
More precise and secure control of installing applications from various sources
Unlike Apple's products, the Android devices allow users to manually install different apps or use non-Google Play resources to install apps. This is a great attraction for many Android users, and in some cases for some of them, it's the main reason to choose Android platform instead of iOS. However, the installation of software from various sources can bring some serious security risks.
The manual installation method of Android has changed considerably with Oreo. Unlike previous versions of Android, where you set a single option to let manual installation of apps from any source, Oreo now requires the user to decide per-app. For example, you can allow manually installing apps from a specific source, but block installing downloaded apps from another source.
Verified Boot 2.0
Android Verified Boot is a security feature that Android uses since version 4.4 (KitKat). Some Android malware can use root permissions to hide, which makes it unrecognizable for security programs. If the main structure of the operating system is tampered with, this feature will prevent the device from booting.
However, hackers could downgrade the device to an older version of Android and bypass verified boot. Now Oreo comes with the second version of this feature called Verified Boot 2.0, which supports a mechanism called Rollback Protection. This feature is designed to prevent a device from the boot when it is downgraded to an older or more vulnerable version of the operating system.
This is done by storing the operating system version information on specific hardware, which currently Pixel 2/2 XL handsets are equipped with. Google is recommending manufacturers to implement this feature in their future products.
The Treble project was originally designed to speed up the roll-out of new versions of Android by device makers. However, the project is essentially a redesign of the Android structure that separates the specific code from the operating system framework, notwithstanding the device type.
Aside from faster updates, Treble also has a key advantage regarding security. Given the modular structure and better separation, threats in one section have less chance to affect other parts of the system.
The Hardware Abstraction Layer (HAL) provides an interface between hardware and software systems. This condition implies direct access to Kernel drivers, which makes the HAL layers have additional permissions and access to hardware that is not necessarily required. In Oreo, every HAL runs in its own sandbox, which results in less abuse of application permissions and hardware drivers. The sandbox is a security mechanism for isolating the running code so that the presence of flaws or vulnerabilities in each of them has the least impact on the entire system.
Abandoning Insecure SSL version
SSL/TLS network protocols are used to secure communications on the Internet. In 2014, researchers at Google discovered a security vulnerability in the third version of SSL. With the release of Oreo, Android no more supports this old and insecure version.
At the same time, Oreo no longer supports the TLS Version fallback. TLS Version fallback is a compatibility solution for connecting to servers that use an older TLS implementation. Removing this solution provides better security for end users when communicating with the Internet.
Oreo also supports a tamper-resistance hardware which stores sensitive information such as your passcode, PIN or lock pattern. Storing the information on a chip will make it more difficult for physical attackers to access your personal info. Google's Pixel 2 was the first product that was equipped with a dedicated hardware security module to protect your phone's lock screen passcode from physical attacks. Oreo fully supports this hardware.
This hardware is equipped with dedicated RAM and other components that allow it fully control its execution. Google claims that this module can even defend itself from external attempts to manipulate. This hardware structure provides a high level of security by completing software security mechanisms.
Physical security keys
All experts recommend that you use two-step validation as much as possible, although using the unique code in the second step of this process can be troublesome. The U2F Physical Security Keys are provided to replace the second validation stage to make the process easier for users.
Oreo OS supports physical security keys that can connect to your smartphone via Bluetooth or NFC. Of course, developers should now implement the feature in their applications, so it will take some time for these products to be seen extensively on the market.
At a higher level, Oreo restricts access to the Kernel using a new Seccomp filter. According to Google, Oreo can use this filter to shut down unused system calls and reduce kernel attacks. As a result, the probability of kernel exploitation by malicious software decreases significantly.