Android Oreo, another boost to Android security (among other features)
Coinciding with the solar eclipse, yesterday, Google took the opportunity to launch the new version of its operating system Android 8.0, “O”, which will be known as Android Oreo.
Android Oreo doesn’t have a significant interface change, most features are related to UX, security and energy efficiency. Some nice features include “Picture in Picture” which allow users to see two apps at once, new emojis, notification dots that allow to quickly see what’s new in each notification and clear them by swiping away.
Additionally, Google keeps having security as one of its main targets, and Android O include additional features that will boost the platform security:
– Install unknown applications: The “Unknown sources” option of previous versions disappears. To increase the security in the operating system now the user has to authorize which application can install other applications. This is a good approach versus the previous “all or nothing” approach. Previously once users allowed “install from unknown sources” for one specific case (e.g. use an alternative app market), it was allowed for every app.
– New permissions: to add more control for the user on what apps can do or don’t’, new permissions are added. A couple we specially like is the Premium SMS and unlimited data access permission. We all know people who has been subscribed to a premium service inadvertently, or has end up paying quite a phone bill for unsolicited data consumption.
– WebView with Google Safe Browsing: Google’s secure browsing technology comes to the Android WebView component. Now, applications using webview technology (which is embedding web pages in applications) can benefit of the Google Safe Browsing features, such as URL blacklist, phishing identifications, etc.
– The platform no longer support SSLv3, which prevents malicious apps to exploit the infamous Poodle vulnerability. This vulnerability allowed easily man in the middle attacks that can end up in credential or sensitive info leaks.
– Android Instant Apps: Apps that can be executed directly into the browser. While this was already available for earlier versions. Android O reduces the risk inherited by these apps by forcing them to require HTTPS, removing access to persistent device identifiers or sensitive OS components such as contacts.
– Autofill: With your permission, Autofill remembers your logins to get you into your favorite apps faster, such as many browsers do. This is actually a delicate feature, it has its downside: If it is wrongly used by app developers and users can be a security hole allowing thefts not having to input passwords. But if used correctly, would facilitate users to have different passwords for each service and logout more frequently without too much effort.
We will have to wait until we receive OTA updates on non-Google phones, but Google has announced that the source code is available on the Android Open Source Project (AOSP) In the coming days the update will arrive for the Nexus 5X, Nexus 6P, Pixel, Pixel XL and Nexus Player.
This post was originally published at barbaraiot.com on August 22, 2017. If you like it and want to receive similar content subscribe to our Newsletter
