A smartphone differs from a PC in that it has less computing power, almost always holds a money account, and offers more hardware and opportunities for spying on the user: microphone, GPS, constantly active radio links, accelerometer and so on. Mobile operating systems in general, and Android in particular, are therefore forced to have well-developed security measures. The main ones are a virtual machine that does not allow third-party software to drop down to the processor level, and the assignment of access rights to every piece of software, but they are not the only ones.
Android's openness works against it: any user can install unsigned programs on a smartphone without any development keys, and the source code of the main part of the OS is publicly available.
Common security threats
A Trend Micro study concluded that premium service abuse is the most common type of Android malware: infected phones send text messages to premium-rate numbers without the user's consent.
Other malware displays intrusive ads on the device or sends information to an unauthorized third party [1].
Android security threats are reportedly growing exponentially; however, Google engineers claim that malware and virus threats on Android are exaggerated for commercial reasons by companies specializing in security systems [2] [3].
Google also claims that dangerous software is rare: a study by F-Secure showed that only 0.5% of registered malware came from Google Play [4].
In August 2015, Google announced that Nexus devices will receive a monthly update with fixes for detected vulnerabilities in the system. Monthly updates to Android security systems and the timely response of device manufacturers have significantly reduced the impact of zero-day vulnerabilities in Android systems.
For example, CVE-2016-5195 ("Dirty COW") was publicly disclosed on October 19, 2016. By November 2016, some manufacturers, for example BlackBerry, had already shipped fixes to production devices.
In 2016, Android joined forces with mobile companies such as Qualcomm, Broadcom, and MediaTek to increase the speed at which consumers receive monthly system updates for their devices.
For example, the approval process for monthly security updates was shortened from almost one month to a week.
Android partners have made significant investments in detecting vulnerabilities in Android devices and making this information public.
In 2016, Qualcomm launched a paid program for finding and disclosing vulnerabilities in Qualcomm products.
In 2016, researchers fixed 655 vulnerabilities: 133 of critical, 365 of high, 154 of medium and 3 of low severity. This is more than twice as many as in 2015.
Throughout 2016, Google continued to release urgent security updates for Android 4.4 and higher. In December 2016, 735 million devices had the latest version of updates.
Google is also working with application developers to improve the security of their products. The Application Security Improvement Program (ASI) identifies applications on Google Play that have flaws in their code or in the external libraries they include. This is done by scanning applications uploaded to Google Play for known vulnerabilities. If any are found, ASI contacts the developers by mail and suggests a way to fix the problem. In 2016, ASI added 18 new vulnerabilities to its checklist, in addition to the 8 threats already on it since 2015.
In 2016, Google launched 6 campaigns aimed at warning developers about vulnerabilities in products and potential risks for consumers. If an application was published on Google Play before the launch of these campaigns and the developer made no attempt to fix the security holes within 90 days, the application remains on Google Play, but any update to it must include fixes for all the vulnerabilities found [5].
Fixes for security holes found in the operating system often do not reach users of older and cheaper devices [6] [7].
However, because Android is an open-source OS, security software developers can adapt existing devices for highly secret use. For example, Samsung is partnering with General Dynamics through the acquisition of to rebuild Jelly Bean on top of its hardened microvisor for the Samsung Knox project [8] [9].
Android smartphones can report the location of Wi-Fi access points encountered as their users move around, in order to build databases containing the physical locations of hundreds of millions of such access points. These databases form electronic maps for locating smartphones, which makes it possible to run applications such as Foursquare, Google Latitude and Facebook Places and to deliver location-based advertising [10].
Third-party monitoring software such as TaintDroid [11], a research-funded project, can in some cases detect when personal information is sent from applications to remote servers [12].
Android 8.0 security innovations
Installing applications from unknown sources
In Android 8.0, the “Allow unknown sources” option has disappeared from the menu. In this way Android 8.0 protects users from potentially dangerous software that masquerades as an important system update from a third-party source. In Android Oreo, the Install Unknown Applications permission is tied to the application that requests the installation, like other runtime permissions, and the user must grant the installation source this permission before it can prompt the user to install an application.
Using Peer Group Analysis to Search for Malware
Mobile applications can collect more information from the device than they need in order to work. To protect users, Google analyzes the privacy and security signals of each application on Google Play and compares them with those of similar applications. Grouping applications with similar functionality makes it possible to set adequate boundaries of behavior. To create the set of categories, Google has developed a machine learning algorithm that clusters mobile applications with similar capabilities. Based on the resulting data, Google's engineers decide which applications need additional expert analysis and what developers need to do to improve the security and privacy of their applications [5].
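The comparison described above can be sketched as follows. This is an added example, not Google's algorithm: the peer groups are given as labels instead of being learned by clustering, and the app names, the `max_peer_share` threshold and the `min_peers` limit are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (app, peer group, requested permissions). Not real apps.
APPS = [
    ("flashlight_a", "flashlight", {"CAMERA"}),
    ("flashlight_b", "flashlight", {"CAMERA"}),
    ("flashlight_c", "flashlight", {"CAMERA", "READ_CONTACTS", "ACCESS_FINE_LOCATION"}),
    ("flashlight_d", "flashlight", {"CAMERA"}),
    ("maps_a", "navigation", {"ACCESS_FINE_LOCATION", "INTERNET"}),
    ("maps_b", "navigation", {"ACCESS_FINE_LOCATION", "INTERNET"}),
    ("maps_c", "navigation", {"ACCESS_FINE_LOCATION", "INTERNET", "READ_SMS"}),
    ("notes_a", "notes", {"READ_SMS"}),  # no peers: nothing to compare against
]

def peer_outliers(apps, max_peer_share=0.25, min_peers=2):
    """Return {app: permissions requested by at most max_peer_share of its peers}."""
    groups = defaultdict(list)
    for name, group, perms in apps:
        groups[group].append((name, perms))
    flagged = {}
    for members in groups.values():
        for name, perms in members:
            # Leave the app itself out so it cannot vouch for its own behaviour.
            peers = [p for n, p in members if n != name]
            if len(peers) < min_peers:
                continue  # too few peers to define what is normal
            rare = sorted(
                perm for perm in perms
                if sum(perm in p for p in peers) / len(peers) <= max_peer_share
            )
            if rare:
                flagged[name] = rare
    return flagged

if __name__ == "__main__":
    for app, perms in peer_outliers(APPS).items():
        print(app, "requests permissions unusual for its peer group:", perms)
```

An app flagged here is only a candidate for the additional expert analysis the text mentions; a rare permission is a signal, not a verdict.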
Treble
The weak point of Android is that the code tied to the processor and chipset is spread throughout the OS, which complicates the preparation of patches. In 2016, more than 50% of Android devices did not receive security updates [5] [13].
Project Treble is a HAL layer that separates the operating system from the drivers more strictly. This will allow Google to send OS updates even to unsupported devices, and will make it harder to find a chain of vulnerabilities that reaches the drivers and achieves code execution with driver rights.
Downgrade Protection
The Verified Boot mechanism checks the integrity of the OS components at every stage of the smartphone's boot and may refuse to boot if the bootloader, kernel or OS has been modified. This mechanism has a weakness, however: the possibility of a downgrade. Android 8 now has an official implementation of protection against it, but the protection is disabled when the bootloader is unlocked by regular means [14].
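A simplified model of why integrity checking alone does not stop a downgrade, and what a version check adds. This is an added example, not Android's bootloader code: the `Bootloader` class, the `rollback_index` field and the key are hypothetical, and an HMAC stands in for the vendor's asymmetric signature so that the block runs with the standard library only.

```python
import hashlib
import hmac

VENDOR_KEY = b"constructed-demo-key"  # stand-in for the vendor's signing key

def sign(image: bytes, rollback_index: int) -> bytes:
    """Bind the image hash to its version number (HMAC replaces a real signature)."""
    msg = rollback_index.to_bytes(8, "big") + hashlib.sha256(image).digest()
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).digest()

class Bootloader:
    def __init__(self, stored_index=0, unlocked=False):
        self.stored_index = stored_index  # lowest version the device will accept
        self.unlocked = unlocked

    def boot(self, image: bytes, rollback_index: int, signature: bytes) -> str:
        if not hmac.compare_digest(sign(image, rollback_index), signature):
            return "refuse: modified image"
        if self.unlocked:
            # As the text notes, the downgrade check is off on an unlocked device.
            return "boot (rollback check skipped)"
        if rollback_index < self.stored_index:
            # Genuine vendor image, but older than one this device has already run.
            return "refuse: downgrade"
        self.stored_index = rollback_index  # remember the newest version booted
        return "boot"

# Constructed images: an old release with known holes and a patched one.
OLD = (b"os-build-old", 2, sign(b"os-build-old", 2))
NEW = (b"os-build-new", 5, sign(b"os-build-new", 5))

def demo():
    locked = Bootloader()
    return [
        locked.boot(*OLD),                       # first boot of the old build
        locked.boot(*NEW),                       # update raises the stored index
        locked.boot(*OLD),                       # correctly signed, but older
        locked.boot(b"patched", NEW[1], NEW[2]), # contents do not match signature
        Bootloader(stored_index=5, unlocked=True).boot(*OLD),
    ]

if __name__ == "__main__":
    print(demo())
```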
Kernel lock and seccomp filter
According to Google, in 2014 only 4% of bugs reported by users were related to the kernel level, and now they make up 39%. For this reason, the secure computing mode (seccomp) filter [13] [14] was introduced in Android Oreo.
Alerts
Users often encounter windows on Android devices that apparently cannot be closed and that ask them to enter their credentials (the fields pass the information to hackers) or demand a ransom to close the window. In Android Oreo, all system alerts now have a clearly visible indicator; tapping it closes the window [13].
Notes
- [1] Android malware numbers explode to 25,000 in June 2012, Protalinski, Emil (July 17, 2012).
- [2] Mobile malware exaggerated by "charlatan" vendors, says Google engineer, PC Advisor.
- [3] Android 4.2 brings new security features to scan sideloaded apps, Hildenbrand, Jerry (November 2, 2012).
- [4] Android malware perspective: only 0.5% comes from the Play Store, Phonearena.com.
- [5] Android Security 2016 Year in Review
- [6] Goodbye, Android, Franceschi-Bicchierai, Lorenzo (July 29, 2015).
- [7] The Android 'toxic hellstew' survival guide, Kingsley-Hughes, Adrian (June 9, 2014).
- [8] Air-to-ground rocket men flog top-secret mobe-crypto to Brad in accounts, The Register. February 28, 2013.
- [9] Samsung Armors Android to Take On BlackBerry, The New York Times. February 28, 2013.
- [10] Suit Opens a Window Into Google, Steve Lohr (May 8, 2011). The New York Times. ISSN 0362-4331.
- [11] Real Time Privacy Monitoring on Smartphones, AppAnalysis.org.
- [12] Study Shows Some Android Apps Leak User Data Without Clear Notifications, Ganapati, Priya (September 30, 2010).
- [13] ANDROID 8.0 OREO SAFETY INNOVATIONS
- [14] SAFETY ANDROID 8.0
Literature
- Nikolay Elenkov. Android Security Internals: An In-Depth Guide to Android's Security Architecture. No Starch Press, 2014. 432 p. ISBN 9781593275815.
- Anmol Misra, Abhishek Dubey. Android Security: Attacks and Defenses. CRC Press, 2016. 280 p. ISBN 9781439896471.