Live: Android Enterprise Partner Summit 2018


(Jason Bayton) #21

And touching on Samsung.


(Jason Bayton) #22

Looking forward to the deep-dive on P tomorrow. Big focus on shared devices.


(Jason Bayton) #23

Google Play Protect, scanning 50Bn apps per day on and off the Play Store.


(Jason Bayton) #24

Exchange in Gmail is a big focus for enterprise. Making the best enterprise native email client possible.


(Jason Bayton) #25

Android management API - always up to date as it’s built by the people who develop the Android operating system.


(Jason Bayton) #26

As of 2017, 85% of devices with a fingerprint sensor running 8.0 had a secure passcode.


(Jason Bayton) #27

Users are the last line of defence against PHAs and security incidents.

To counter this, Android focuses first on making sure only those authorised have access with lockscreen tools.

Then all data is encrypted (has been since 5. Transitioned from full disk to file based more recently).

PIN+HW are used to generate encryption keys. Plus with rollback protection it’s possible to prevent downgrading in order to get around the security policies in place.


(Jason Bayton) #28

Talking again about Play Protect (well, it’s important :blush:) scans on the device to protect against PHAs. Play Protect can forcibly remove PHAs from devices.

PHAs have dropped dramatically in recent years!


(Jason Bayton) #29

Sandboxing makes sure PHAs can’t access any data outside their own allocation without permission.

This is why we see so many PHAs asking for device admin permissions.

Work profiles take this further… sandboxing the profile the apps run within.


(Jason Bayton) #30

Touching on security updates.

30% more devices patched YOY. Well done OEMs.


(Jason Bayton) #31

Patches are important (duh) but with SELinux again sandboxing prevents damage.

That’s no reason to not place a huge focus on OEMs pushing patches though.


(Jason Bayton) #32

Touching on Treble since we’re talking about patches.

“Project treble makes it easier to adapt new releases much faster”

Treble also provides much better hardware isolation


(Jason Bayton) #33

It’s no longer possible to dip into different HALs openly, as it historically has been possible to do. With HAL isolation Android is even more secure.


(Jason Bayton) #34

Fighting root with verified boot!

Making root persistent requires changing the underlying OS. VB runs through multiple checks of the partitions to ensure integrity before allowing boot. Verified block-level, cryptographically.

VB is strictly enforced as of 7.0


(Jason Bayton) #35

Android P will add more capabilities for verified boot :slight_smile:


(Jason Bayton) #36

That perception is not reality.

Bugs != Exploits


(Jason Bayton) #37

Google haven’t seen a single exploit based on Stagefright.


(Jason Bayton) #38

Lots of talk about P… check out my post which summarises it -


(Jason Bayton) #39

Open Source is one of Android’s biggest strengths. It makes it so easy to find and fix bugs, no reverse engineering required.

As a result Android platform hacks are harder to find.


(Jason Bayton) #40