Google has published more details about the security measures that are part of the new Android Nougat mobile operating system.
Android Nougat Contains the Latest Security Measures Made by the Development Team
As Android Nougat has started to roll appear on some popular mobile devices such as smart phones and tablets, consumers and experts anticipate the new features of the latest iteration of the operating system. However as well as new performance improvements Android Nougat has some new security measures that deserve attention.
One of the key additions is a new Direct Boot mode that is activated on the device before the user unlocks it for the first time. When the mode is active access to private data is limited and only applications that support Direct Boot can be run. This feature allows two types of storage locations – credential protected storage and device protected storage. Applications that want to access sensitive data (located in the credential protected storage) have to be run only when the devices are unlocked by the user. Direct Boot can be used with encryption and lock screens that feature PIN, pattern or password parameters.
A new and improved hardened media stack are contained in Android Nougat. Developers have included the defense mechanisms to prevent security vulnerabilities and to protect the system from privilege escalation bugs.
Android now handles Trusted Certificate Authorities in a more secure manner, and a strict enforcement of verified boot with error correction is in place. The Android kernel has been upgraded with memory protection markings that isolate certain memory systems with read-only access, and the developers have added some restrictions to userspace addressing by the kernel modules. A new APK signature scheme is employed which should strengthen integrity checks and improve performance.
The new Network Security Config option allows application developers to easily configure network security policies through a configuration file. The options include the blocking of cleartext traffic, configuration of trusted certificate authorities and administrating a separate debug configuration setup.
Android Nougat features improved privacy capabilities, access to many persistent device identifiers has been limited or entirely removed. This is something that security experts have anticipated for a long time as MAC address information has been used in various spoofing attacks in the past.
An important feature is the changes to the user interface overlays permissions. Android Nougat no longer allows this option as it has been used in a variety of malicious attacks. Programs can no longer change the lockscreen, and some ransomware defenses have been placed.
For more detailed information check Google’s detailed post.