Android has quickly become a very popular operating system, with billions of devices in the wild. This means there are a billion different devices which can be vulnerable to attacks in a number of ways. Android’s monthly security updates are part of the continuing work on security. By patching the operating system, common ways to exploit a user’s device can be fixed.
However, exploits can happen at an even lower level, at the Linux kernel. Android is based on the Linux operating system, and there can be vulnerabilities at this level as well. There are different mechanisms within this kernel to enforce security, and Android’s implementation of this kernel is also seeing a number of improvements, as explained in a recent blog post on the Android Developers blog. These new security protections can be grouped into memory protections and attack surface reduction.
To protect against memory vulnerabilities, flags are added to certain sections of memory, marking them as read-only or non-executable. This will help prevent malware from overflowing memory buffers and gaining unrestricted code execution in the kernel. An additional protection against buffer overflows is stack-protector-strong, which will cover a number of array types and help reduce the problems that occur if an array is written past its bounds.
Another addition to memory protection is creating a barrier between kernel control and userspace memory. By separating the two, it will be harder for malware to gain access to kernel memory.
There are three main ways the Android Security team is reducing attack surfaces. One is by removing access to debugging tools by default. Tools for measuring performance, such as Perf, are now being blocked and will have to be manually enabled. This will help protect the majority of users, who never use these tools.
Apps will not be able to access the system call ioctl() in order to reduce the number of vulnerabilities that happen with that call. While a handful of commands related to sockets will still exist, most other commands will be inaccessible.
Apps will now be required to use the sandboxing APIs of seccomp in order to further restrict the system calls that are made. Seccomp was originally introduced in Lollipop as an optional feature set for devices, although it will be required on devices with Nougat.
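To show what restricting system calls with seccomp looks like in practice, here is an added example (not code from the article, from Android, or from the Android Developers blog) of a Linux seccomp-BPF filter installed in a child process. ioctl() is chosen as the denied call only for illustration, and the function names are assumptions made for this sketch.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Install a filter: ioctl() fails with EPERM, every other syscall is allowed.
 * A production filter would also validate seccomp_data.arch first. */
static int deny_ioctl(void) {
    struct sock_filter prog[] = {
        /* Load the syscall number from struct seccomp_data. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* ioctl: fall through to the ERRNO return; otherwise skip it. */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_ioctl, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    /* Needed so an unprivileged process may attach a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Returns 1 if ioctl() was blocked in the sandboxed child, 0 if it still
 * reached the kernel, -1 if the filter could not be installed. */
int ioctl_blocked_in_sandbox(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                     /* child: the filter is irreversible */
        struct winsize ws;
        if (deny_ioctl() != 0) _exit(2);
        errno = 0;
        int rc = ioctl(STDIN_FILENO, TIOCGWINSZ, &ws);
        /* EPERM comes from the filter; getpid() shows other calls still work. */
        int blocked = (rc == -1 && errno == EPERM && getpid() > 0);
        _exit(blocked ? 0 : 1);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    int code = WEXITSTATUS(status);
    return code == 0 ? 1 : (code == 1 ? 0 : -1);
}

int main(void) { printf("ioctl blocked: %d\n", ioctl_blocked_in_sandbox()); return 0; }
```

The filter runs in a forked child because a seccomp filter cannot be removed once attached; the parent only reads the child's exit status.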
Users should expect to see a number of these security measures being implemented in the upcoming release of Nougat, which is good for the ecosystem. Google will continue improving the security of Android by focusing on kernel improvements and continuing to improve the integration of SELinux into the operating system.