And touching on Samsung.
Looking forward to the deep-dive on P tomorrow. Big focus on shared devices.
Exchange in Gmail is a big focus for enterprise. Making the best enterprise native email client possible.
Android Management API: always up to date, as it’s built by the people who develop the Android operating system.
Users are the last line of defence against PHAs and security incidents.
To counter this, Android focuses first on making sure only those authorised have access with lockscreen tools.
Then all data is encrypted (has been since 5; transitioned from full-disk to file-based more recently).
PIN+HW are used to generate encryption keys. Plus, with rollback protection it’s possible to prevent downgrading in order to get around the security policies in place.
Talking again about Play Protect (well, it’s important): it scans on the device to protect against PHAs. Play Protect can forcibly remove PHAs from devices.
PHAs have dropped dramatically in recent years!
Sandboxing makes sure PHAs can’t access any data outside their own allocation without permission.
This is why we see so many PHAs asking for device admin permissions.
Work profiles take this further… sandboxing the profile the apps run within.
Patches are important (duh), but with SELinux, sandboxing again prevents damage.
That’s no reason to not place a huge focus on OEMs pushing patches though.
Touching on Treble since we’re talking about patches.
“Project Treble makes it easier to adapt new releases much faster”
Treble also provides much better hardware isolation.
It’s no longer possible to dip into different HALs openly, as it historically has been. With HAL isolation Android is even more secure.
Fighting root with verified boot!
Making root persistent requires changing the underlying OS. VB runs through multiple checks of the partitions to ensure integrity before allowing boot. Verified block-level, cryptographically.
VB is strictly enforced as of 7.0.
Android P will add more capabilities for verified boot.
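Block-level verification of this kind is done with a hash tree (dm-verity on Android), where only the root hash has to be trusted and everything else can sit on untrusted storage. A simplified sketch, added here and not taken from the talk or from Android’s source; the 4096-byte block size, SHA-256, the function names and the sample image are all assumptions:

```python
import hashlib
import hmac

BLOCK_SIZE = 4096  # assumed block size for this sketch


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def build_tree(image: bytes) -> list:
    """Hash every block, then hash pairs upward; returns levels, leaves first."""
    if not image:
        raise ValueError("empty image")
    level = [_h(image[i:i + BLOCK_SIZE]) for i in range(0, len(image), BLOCK_SIZE)]
    levels = []
    while len(level) > 1:
        if len(level) % 2:              # odd count: duplicate the last node
            level.append(level[-1])
        levels.append(level)
        level = [_h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    levels.append(level)                # final level holds only the root
    return levels


def verify_block(block: bytes, index: int, levels: list, trusted_root: bytes) -> bool:
    """Recompute the path from one block to the root using stored sibling hashes."""
    node = _h(block)
    for level in levels[:-1]:
        sibling = level[index ^ 1]
        node = _h(node + sibling) if index % 2 == 0 else _h(sibling + node)
        index //= 2
    return hmac.compare_digest(node, trusted_root)


def demo() -> tuple:
    # Constructed 5-block "partition"; the root stands in for the signed value
    # that the boot chain checks before the partition is used.
    image = b"".join(bytes([i]) * BLOCK_SIZE for i in range(5))
    levels = build_tree(image)
    trusted_root = levels[-1][0]
    block3 = image[3 * BLOCK_SIZE:4 * BLOCK_SIZE]
    tampered = bytes([block3[0] ^ 1]) + block3[1:]
    forged_image = image[:3 * BLOCK_SIZE] + tampered + image[4 * BLOCK_SIZE:]
    return (
        verify_block(block3, 3, levels, trusted_root),                      # intact block
        verify_block(tampered, 3, levels, trusted_root),                    # modified block
        verify_block(tampered, 3, build_tree(forged_image), trusted_root),  # block and tree rewritten
    )


if __name__ == "__main__":
    print(demo())
```

The third case is the one that matters for persistence: rewriting the stored hashes along with the block still fails, because the recomputed root no longer matches the trusted one.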
Google haven’t seen a single exploit based on Stagefright.
Lots of talk about P… check out my post which summarises it -
Open Source is one of Android’s biggest strengths. It makes it so easy to find and fix bugs, no reverse engineering required.
As a result Android platform hacks are harder to find.