<html devsite>
<head>
<title>Security Enhancements in Android 8.0</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p>Every Android release includes dozens of security enhancements to protect
users. Here are some of the major security enhancements available in Android
8.0:</p>
<ul>
<li><strong>Encryption</strong>. Added support for evicting the work profile's
encryption key from memory when the profile is locked.</li>
<li><strong>Verified Boot</strong>. Added Android Verified Boot (AVB). A Verified
Boot codebase with rollback protection, intended for use in bootloaders, was added
to AOSP. Bootloaders are recommended to enforce rollback protection for the HLOS
(the high-level OS) and to allow unlocking only when a user physically interacts
with the device.</li>
<li><strong>Lock screen</strong>. Added support for using tamper-resistant
hardware to verify the lock screen credential.</li>
<li><strong>KeyStore</strong>. Required <a href="/security/keystore/attestation">key
attestation</a> for all devices that ship with Android 8.0+. Added <a
href="/security/keystore/attestation#id-attestation">ID
attestation</a> support to improve Zero Touch Enrollment.</li>
<li><strong>Sandboxing</strong>. More <a
href="https://android-developers.googleblog.com/2017/07/shut-hal-up.html">tightly
sandboxed</a> many components using Project Treble's standard interface between
framework and device-specific components. Applied <a
href="https://android-developers.googleblog.com/2017/07/seccomp-filter-in-android-o.html">seccomp
filtering</a> to all untrusted apps to reduce the kernel's attack surface. <a
href="https://android-developers.googleblog.com/2017/06/whats-new-in-webview-security.html">WebView</a>
now runs in an isolated process with very limited access to the rest of the
system.</li>
<li><strong>Kernel hardening</strong>. Implemented <a
href="https://android-developers.googleblog.com/2017/08/hardening-kernel-in-android-oreo.html">hardened
usercopy</a>, PAN emulation, read-only after init, and KASLR.</li>
<li><strong>Userspace hardening</strong>. Implemented CFI for the media stack.
App overlays can no longer cover system-critical windows and users have a way to
dismiss them.</li>
<li><strong>Streaming OS update</strong>. Enabled <a
href="/devices/tech/ota/ab_updates#streaming-updates">streaming updates</a>, which
are written directly to the inactive A/B partition without first staging the full
package on disk, so devices that are low on disk space can still update.</li>
<li><strong>Install unknown apps</strong>. Users must <a
href="https://developer.android.com/studio/publish/index.html#publishing-unknown">grant
permission</a> to install apps from a source that isn't a first-party app store.</li>
<li><strong>Privacy</strong>. Android ID (SSAID) has a different value for
each app and each user on the device. For web browser apps, Widevine Client ID
returns a different value for each app package name and web origin.
<code>net.hostname</code> is now empty and the DHCP client no longer sends a
hostname. The world-readable <code>android.os.Build.SERIAL</code> field has been
deprecated and replaced by the
<a href="https://developer.android.com/reference/android/os/Build.html#getSerial()"><code>Build.getSerial()</code> API</a>,
which is protected behind a user-controlled runtime permission
(<code>READ_PHONE_STATE</code>). Improved MAC address randomization in some
chipsets.</li>
</ul>
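<p>The <code>Build.SERIAL</code> change above is the one in this list that
directly breaks existing app code, so here is an added example (not code from
AOSP or from this page) of reading the serial correctly on Android 8.0 and later.
The class name <code>SerialReader</code>, the request code and the use of the
AndroidX compatibility helpers are this example's own choices; the
<code>Build</code>, <code>ActivityCompat</code> and <code>ContextCompat</code>
calls are the real framework and AndroidX APIs.</p>

```java
import android.Manifest;
import android.app.Activity;
import android.content.pm.PackageManager;
import android.os.Build;
import androidx.core.app.ActivityCompat;
import androidx.core.content.ContextCompat;

/**
 * Added example (not from the AOSP page): reading the hardware serial after the
 * Android 8.0 change. Before API 26 the static field Build.SERIAL was readable by
 * any app; from API 26 on it returns Build.UNKNOWN and the value must be fetched
 * with Build.getSerial(), which throws SecurityException unless the app holds the
 * user-controlled READ_PHONE_STATE runtime permission.
 */
public final class SerialReader {
    // Arbitrary request code for the permission prompt; hypothetical value.
    public static final int REQ_READ_PHONE_STATE = 1001;

    private SerialReader() {}

    /**
     * Returns the device serial, or Build.UNKNOWN if it is not available to this app.
     * If the permission has not been granted yet, a runtime prompt is started and
     * Build.UNKNOWN is returned; the caller retries from onRequestPermissionsResult.
     */
    public static String readSerial(Activity activity) {
        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.O) {
            // Pre-8.0 behaviour: the field is populated and needs no permission.
            return Build.SERIAL;
        }
        if (ContextCompat.checkSelfPermission(activity, Manifest.permission.READ_PHONE_STATE)
                != PackageManager.PERMISSION_GRANTED) {
            ActivityCompat.requestPermissions(
                    activity,
                    new String[] {Manifest.permission.READ_PHONE_STATE},
                    REQ_READ_PHONE_STATE);
            return Build.UNKNOWN;
        }
        try {
            return Build.getSerial();
        } catch (SecurityException e) {
            // Permission was revoked between the check and the call, or the platform
            // requires a privileged permission this app cannot hold (see note below).
            return Build.UNKNOWN;
        }
    }

    /** Handle the prompt result; call this from Activity.onRequestPermissionsResult. */
    public static boolean wasGranted(int requestCode, int[] grantResults) {
        return requestCode == REQ_READ_PHONE_STATE
                && grantResults.length > 0
                && grantResults[0] == PackageManager.PERMISSION_GRANTED;
    }
}
```

<p>Two caveats a practitioner should keep in mind. First, treating
<code>Build.UNKNOWN</code> as a normal outcome rather than an error is deliberate:
the whole point of the 8.0 change is that the serial is no longer guaranteed to be
available, so code that keys device identity on it must have a fallback such as a
per-app identifier. Second, from Android 10 onward <code>Build.getSerial()</code>
additionally requires the privileged <code>READ_PRIVILEGED_PHONE_STATE</code>
permission, which third-party apps cannot obtain, so on those releases the
<code>SecurityException</code> branch is the expected path for ordinary apps.</p>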
</body>
</html>