The latest Android iteration (Android Q) arrives with TLS 1.3 support enabled by default, as well as with other security improvements, Google announced this week.
At Google I/O, the Internet search giant reiterated its commitment to building a more secure Android platform through better encryption, platform hardening, improved authentication, and more.
Google has been requiring full-disk encryption on new devices since 2015, but only this year the company released a solution to enable storage encryption on all devices. Called Adiantum, it can run efficiently without specialized hardware, meaning that it can be used on a broader range of devices.
Now, Google says that all compatible Android devices (including phones, tablets, televisions, and automotive devices) launching with Android Q will be forced to encrypt user data, to provide users with improved security.
Additionally, the company is enabling TLS 1.3 support by default in Android Q. Finalized in August 2018, the latest major revision to the TLS standard is faster, more secure, and more private, as it removes support for weaker cryptographic algorithms and some insecure or obsolete features and encrypts more of the handshake.
Android Q will also arrive with a hardened platform, possible through applying defense-in-depth strategies to security critical areas such as media, Bluetooth, and the kernel, thus ensuring that attackers can’t use a single vulnerability to compromise the system.
These strategies include process isolation, attack surface reduction, architectural decomposition, and exploit mitigations to render vulnerabilities more difficult or impossible to exploit.
Some of the improvements in Android Q include a constrained sandbox for software codecs, increased use of sanitizers during production to mitigate vulnerabilities in components that process untrusted content, and protecting Address Space Layout Randomization (ASLR) against leaks using eXecute-Only Memory (XOM).
Shadow Call Stack, which provides backward-edge Control Flow Integrity (CFI), will complement LLVM’s CFI, while the Scudo hardened allocator will make a number of heap related vulnerabilities more difficult to exploit, Google says.
Building on the authentication options introduced in Android Pie with the BiometricPrompt API, which included support for face, fingerprint, and iris, Android Q updates the underlying framework with robust support for face and fingerprint and adds support for additional use-cases, including both implicit and explicit authentication.
The explicit flow requires the user to perform an action to proceed, such as tap their finger to the fingerprint sensor (the use of face or iris to authenticate requires clicking an additional button to proceed).
“The explicit flow is the default flow and should be used for all high-value transactions such as payments,” Google says.
The implicit flow does not require an additional user action and is used for a lighter-weight, more seamless experience for easily reversible transactions, such as sign-in and autofill.
BiometricPrompt also makes it possible to check if a device supports biometric authentication before invoking the API, and a new BiometricManager class has been added, to call the canAuthenticate() method and determine if the device supports biometric authentication and if the user is enrolled.
Beyond Android Q, Google plans to add Electronic ID support for mobile apps, thus allowing people to use their phones as IDs, such as a driver’s license. Such applications have a lot of security requirements and involve integration between the client on phone, a reader/verifier device, and issuing authority backend systems, Google points out.
“This initiative requires expertise around cryptography and standardization from the ISO and is being led by the Android Security and Privacy team. We will be providing APIs and a reference implementation of HALs for Android devices in order to ensure the platform provides the building blocks for similar security and privacy sensitive applications,” the search giant notes.
