Android Apps

What's new in Android Q safety

Posted by Rene Mayrhofer and Xiaowen Xin, Android Safety & Privateness Group

With every new model of Android, one among our prime priorities is to boost the extent of safety. In recent times, these enhancements have led to measurable progress within the total ecosystem, and 2018 was no totally different.

Within the 4th quarter of 2018, we had 84% extra gadgets that acquired a safety replace in comparison with the identical quarter of the earlier yr. On the similar time, no essential safety vulnerabilities affecting the Android platform have been publicly disclosed with none safety replace or mitigation accessible in 2018, and we’ve got seen a 20% lower from the earlier yr. proportion of gadgets having put in a doubtlessly dangerous software. In a spirit of transparency, we printed this knowledge and extra in our Android 2018 evaluation for Android Safety & Privateness.

However now, it’s possible you’ll be questioning what the subsequent step is.

At present, at Google I / O, we’ve got unveiled all the brand new safety features constructed into Android Q. We plan to deepen each function within the weeks and months to come back, however we wished first share a fast abstract of the advantages of safety. we add to the platform.


Storage Encryption is without doubt one of the most elementary (and best) safety applied sciences, however present encryption requirements require gadgets to have cryptographic acceleration hardware. Due to this requirement, many gadgets cannot use storage encryption. The launch of Adiantum modifications that in Android model Q. We introduced Adiantum in February. Adiantum is designed to work successfully with out specialised hardware and can be utilized in lots of areas, from sensible watches to medical gadgets linked to the Web.

Our dedication to the significance of encryption continues with the Android Q model. All appropriate Android gadgets newly launched with Android Q are required to encrypt consumer knowledge, with out exception. This consists of telephones, tablets, TVs and automotive gadgets. This can be certain that the subsequent era of gadgets might be safer than its predecessors and permit the subsequent billion individuals who log in for the primary time to attach securely.

Nonetheless, storage encryption is barely half of the image. That’s the reason we additionally permit assist for TLS 1.three by default in Android Q. TLS 1.three is a serious revision of the TLS commonplace finalized by the IETF in August 2018. It’s quicker, safer and extra personal. TLS 1.three can usually full the handshake in much less roundtrip, which hurries up the connection time by as much as 40% for these periods. From a safety perspective, TLS 1.three removes assist for weaker cryptographic algorithms, in addition to some insecure or outdated options. It makes use of a newly designed handshake that fixes a number of weaknesses in TLS 1.2. The brand new protocol is cleaner, much less vulnerable to errors, and extra proof against key compromises. Lastly, from the standpoint of confidentiality, TLS 1.three encrypts extra handshakes to raised defend the identification of contributors.

Hardening of the platform

Android makes use of a defense-in-depth technique to make sure that particular person implementation bugs are inadequate to bypass our safety methods. We apply course of isolation, assault floor discount, architectural decomposition and farm downsizing to make vulnerabilities harder, if not unattainable, to use, and to extend the variety of assaults. vulnerabilities wanted by an attacker to attain his objectives.

In Android Q, we utilized these methods to essential safety domains similar to media, Bluetooth, and kernel. We describe these enhancements in additional element in a separate weblog publish, however listed below are some highlights:

A sandbox pressured for software program codecs.

Elevated use of manufacturing sanitizers to mitigate whole lessons of vulnerabilities in elements that course of unapproved content material.

The ghost name stack, which supplies management circulate integrity (CFI) backwards and enhances the safety offered by the LLVM CFI.

Safety of deal with area format randomization (ASLR) in opposition to leakage with the assistance of eXecute-Solely reminiscence (XOM).

Introduction of the Scudo enhanced allocator, which makes it tougher to use plenty of heap associated vulnerabilities.


Android Pie launched the BiometricPrompt API to assist functions use biometrics, together with face, fingerprints and iris. For the reason that launch, many functions have adopted the brand new API. Now, with Android Q, we’ve got up to date the underlying construction with strong facial and fingerprint assist. As well as, we’ve got prolonged the API to assist extra use circumstances, together with implicit and express authentication.

Within the express circulate, the consumer should carry out an motion to proceed, for instance to press his finger on the fingerprint sensor. In the event that they use the face or iris to authenticate, the consumer should click on an additional button to proceed. The specific feed is the default feed and needs to be used for all excessive worth transactions similar to funds.

The default circulate doesn’t require any extra consumer motion. It’s used to offer a lighter and extra constant expertise for simply and simply reversible transactions, similar to connection and auto-fill.

One other new helpful function of BiometricPrompt is the flexibility to test if a tool helps biometric authentication earlier than calling BiometricPrompt. That is helpful when the applying needs to show an "Allow biometric login" or comparable merchandise within the login web page or within the software settings menu. To assist this, we added a brand new BiometricManager class. Now you can name the canAuthenticate () methodology to find out if the machine helps biometric authentication and if the consumer is registered.

And after?

Past Android Q, we're trying so as to add cellular ID assist for cellular apps, so your telephone can be utilized as an ID, similar to a driver's license. Such functions have many safety necessities and suggest integration between the holder's cell phone consumer software, a reader / verifier, and the principle transmitting authority methods used for transmission, updates and revocation of licenses.

This initiative requires experience in cryptography and standardization from ISO and is led by the Android Safety and Privateness crew. We’ll present APIs and a reference implementation of HAL for Android gadgets to make sure that the platform supplies the fundamentals for comparable safety and privateness delicate functions. You may count on to obtain extra information from us on the digital identification assist within the close to future.

Acknowledgments: This message has benefited from the contributions of Jeff Vander Stoep and Shawn Willden