Google experts worked on OS hardening and the implementation of anti-exploitation mechanisms, with great attention to user privacy.
The tech giant updated File-Based Encryption to support external storage media, and it also added metadata encryption with hardware support.
Android 9 also implements a new BiometricPrompt API so that the biometric authentication dialogs that apps display look the same.
Android 9 also comes with new protections for the Application Sandbox.
“New protections and test cases for the Application Sandbox help ensure all non-privileged apps targeting Android Pie (and all future releases of Android) run in stronger SELinux sandboxes,” reads a post written by Vikrant Nanda and René Mayrhofer from the Android Security & Privacy Team.
“By providing per-app cryptographic authentication to the sandbox, this protection improves app separation, prevents overriding safe defaults, and (most significantly) prevents apps from making their data widely accessible.”
Android Pie enables Control Flow Integrity (CFI) by default. CFI is a security mechanism that disallows changes to the original control flow graph of compiled code. It has been enabled by default within the media frameworks and other security-critical components, including Near Field Communication (NFC) and Bluetooth protocols.
Google also introduced Integer Overflow Sanitization in Android 9, a security technique to mitigate memory corruption and information disclosure vulnerabilities that are the result of integer operations.
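The class of bug that integer overflow sanitization targets, shown as an added example that is not code from Android or from the Google post: a size calculation that wraps silently next to a version that detects the wrap. The function names and the `HEADER_BYTES` constant are hypothetical, and the check is written by hand with GCC/Clang overflow builtins rather than with the sanitizer's compiler instrumentation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HEADER_BYTES 16u /* constructed value for this example */

/* Unchecked: 32-bit multiply and add wrap modulo 2^32, so a huge
 * entry count can produce a tiny buffer size. A later write of
 * `count` entries into that buffer is the memory corruption. */
uint32_t table_size_unchecked(uint32_t count, uint32_t entry_bytes)
{
    return count * entry_bytes + HEADER_BYTES;
}

/* Checked: every arithmetic step reports overflow, and the caller
 * must reject the input instead of allocating. */
bool table_size_checked(uint32_t count, uint32_t entry_bytes, uint32_t *out)
{
    uint32_t body;

    if (__builtin_mul_overflow(count, entry_bytes, &body))
        return false; /* count * entry_bytes does not fit in 32 bits */
    if (__builtin_add_overflow(body, HEADER_BYTES, out))
        return false; /* adding the header wrapped */
    return true;
}

int main(void)
{
    /* Constructed inputs: one benign, two that wrap. */
    const uint32_t counts[] = { 10u, 0x40000001u, 0x3FFFFFFFu };
    const uint32_t entry_bytes = 4u;

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        uint32_t size = 0;
        bool ok = table_size_checked(counts[i], entry_bytes, &size);

        printf("count=%u unchecked=%u checked=%s\n",
               (unsigned)counts[i],
               (unsigned)table_size_unchecked(counts[i], entry_bytes),
               ok ? "accepted" : "rejected (overflow)");
    }
    return 0;
}
```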
Google continued its investments in hardware-backed security: Android 9 implements Android Protected Confirmation, which is the first major mobile OS API that leverages a hardware-protected user interface (Trusted UI) to perform critical transactions completely outside the main mobile operating system.
Google also introduced support for a new Keystore type that implements stronger protection for private keys via tamper-resistant hardware with dedicated CPU, RAM, and flash memory.
Google also improved the Keystore by adding Keyguard-bound keys, Secure Key Import, 3DES support, and version binding.
Google also enhanced user privacy by limiting background apps' access to the camera, microphone, and device sensors.
Android Pie implements support for encrypting Android backups with the user’s screen lock secret (that is, PIN, pattern, or password).
Android 9 has new permission rules and permission groups for phone calls, phone state, and Wi-Fi scans, along with restrictions on the information retrieved from Wi-Fi scans.
Android changed the default settings for Network Security Configuration to block all unencrypted HTTP connections.
“We believe that the features described in this post advance the security and privacy posture of Android, but you don’t have to take our word for it. Year after year our continued efforts are demonstrably resulting in better protection as evidenced by increasing exploit difficulty and independent mobile security
(SecurityAffairs – Android Pie, security)