site: android-developers.googleblog.com
Building a Titan: Better security through a tiny chip
https://android-developers.googleblog.com/2018/10/building-titan-better-security-through.html [android-developers.googleblog.com]
2018-10-17 18:53
tags:
android
auth
cpu
hardware
security
Titan M is a second-generation, low-power security module designed and manufactured by Google, and is a part of the Titan family. As described in the Keyword Blog post, Titan M performs several security-sensitive functions,
source: HN
Compiler-based security mitigations in Android P
https://android-developers.googleblog.com/2018/06/compiler-based-security-mitigations-in.html [android-developers.googleblog.com]
2018-07-13 17:44
tags:
android
compiler
defense
security
update
Android’s switch to LLVM/Clang as the default platform compiler in Android 7.0 opened up more possibilities for improving our defense-in-depth security posture. In the past couple of releases, we’ve rolled out additional compiler-based mitigations to make bugs harder to exploit and prevent certain types of bugs from becoming vulnerabilities. In Android P, we’re expanding our existing compiler mitigations, which instrument runtime operations to fail safely when undefined behavior occurs. This post describes the new build system support for Control Flow Integrity and Integer Overflow Sanitization.
source: grugq
Insider Attack Resistance
https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html [android-developers.googleblog.com]
2018-06-01 17:37
tags:
android
auth
bios
development
hardware
security
To mitigate these risks, Google Pixel 2 devices implement insider attack resistance in the tamper-resistant hardware security module that guards the encryption keys for user data. This helps prevent an attacker who manages to produce properly signed malicious firmware from installing it on the security module in a lost or stolen device without the user’s cooperation. Specifically, it is not possible to upgrade the firmware that checks the user’s password unless you present the correct user password.
source: HN
Hardening the Kernel in Android Oreo
https://android-developers.googleblog.com/2017/08/hardening-kernel-in-android-oreo.html [android-developers.googleblog.com]
2017-08-30 20:52
tags:
android
defense
linux
security
Android 8.0 focuses on kernel self-protection with four security-hardening features backported from upstream Linux to all Android kernels supported in devices that first ship with this release.
source: HN
Shut the HAL Up
https://android-developers.googleblog.com/2017/07/shut-hal-up.html [android-developers.googleblog.com]
2017-07-20 03:53
tags:
android
security
systems
Project Treble is making updates easier by separating the underlying vendor implementation from the core Android framework. This modularization allows platform and vendor-provided components to be updated independently of each other. While easier and faster updates are awesome, Treble’s increased modularity is also designed to improve security.
source: grugq