Android Oreo Security Enhancements Detailed by Google

Android Oreo Security Enhancements Detailed by Google
  • Google develops Android Verified Boot 2.0 with Project Treble
  • Android Oreo includes new OEM Lock Hardware Abstractions Layer
  • Google implements Control Flow Integration (CFI)

Google has detailed all the key security enhancements that it has designed for Android Oreo. The latest Android platform is already running on a list of mobile devices including the recent Pixel and Nexus models - but as per the latest November figures, it comprises 0.5 percent of active Android devices.

Android Marshmallow and Nougat already enhanced hardware security on devices. But with Android Oreo, Google has provided a new reference implementation of its Verified Boot that is designed to prevent devices from booting up with tampered software. The reference implementation, called Android Verified Boot 2.0, runs with Project Treble to enable security updates such as a common footer format and rollback protection. The latter among the two is designed to prevent a device to boot if downgraded to an older OS version, which could include some vulnerabilities. Initially, Google's Pixel 2 and Pixel 2 XL are available with the newest development, though the Android maker recommends all device manufacturers to add the same feature to their new devices.

Apart from the new Verified Boot version, Android Oreo includes the new OEM Lock Hardware Abstractions Layer (HAL) that allows devices manufacturers to implement the way how they protect whether a device is locked, unlocked, or unlockable. Google has also claimed to have invested support in tamper-resistant hardware, including the development of a physical chip that can prevent software and hardware attacks on the new Pixel 2 family. It also resists physical penetration attacks.

Android Oreo also enables an enhanced isolation by removing direct hardware access from the default media frameworks. Similarly, Google has enabled Control Flow Integration (CFI) across all media components to disallow arbitrary changes to the original control flow graph to make it harder for attackers to perform malicious activities. Oreo version also has seccomp filtering, hardened usercopy, Privileged Access Never (PAN) emulation, and Kernel Address Space Layout Randomisation (KASLR). Additionally, Google has isolated WebView by splitting the rendering engine into a separate process and running the same in an isolated sandbox to restrict external resources. You can read the detailed blog post to understand all the behind-the-scenes developments.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Android Oreo, Android, Google, Mobiles
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at Please send in your leads and tips. More
Google Play's 12 Days of Play Sales Kicks Off With Discounts on Apps, Books, Movies, and More
PUBG Xbox One and Xbox One X Patch Promises 'Continued Performance Optimisations'

Related Stories

Share on Facebook Tweet Snapchat Share Reddit Comment




© Copyright Red Pixels Ventures Limited 2021. All rights reserved.
Listen to the latest songs, only on