Android Security Evolution

Cupcake 1.5

  • ProPolice to prevent stack buffer overruns (-fstack-protector)
    • Canary value check just before return from a function
  • safe_iop to reduce integer overflows
  • Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and to prevent chunk consolidation attacks. Chunk consolidation attacks are a common way to exploit heap corruption.
  • OpenBSD calloc to prevent integer overflows during memory allocation

Gingerbread 2.3

  • Format string vulnerability protections (-Wformat-security -Werror=format-security)
  • Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
    • Avoid abusive memory use
  • Linux mmap_min_addr to mitigate null pointer dereference privilege escalation (further enhanced in Android 4.1)

Honeycomb 3.0

  • Full filesystem encryption using AES-128

Ice Cream Sandwich 4.0

  • Address Space Layout Randomization (ASLR) to randomize key locations in memory
    • Complete in 4.1
  • Randomize heap and brk mapping
  • KeyChain for improving private key and certificate management

Jelly Bean 4.1

  • PIE (Position Independent Executable) support
    • Program binary can be loaded and run from any address
  • Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)
  • dmesg_restrict enabled (avoid leaking kernel addresses)
  • kptr_restrict enabled (avoid leaking kernel addresses)
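
A checksec-style check for three of the mitigations in this timeline (NX stack, PIE, and RELRO with immediate binding), as an added example that is not from the original post. It reads only the ELF program headers and the dynamic section; `hardening` and `build_sample` are hypothetical names, and `build_sample` produces a constructed test image, not a real Android binary.

```python
import struct

PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
ET_EXEC, ET_DYN, PF_X = 2, 3, 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB

def hardening(elf: bytes) -> dict:
    """Report PIE, NX stack and RELRO for a little-endian ELF32/ELF64 image."""
    if elf[:4] != b"\x7fELF" or elf[5] != 1:
        raise ValueError("not a little-endian ELF file")
    is64 = elf[4] == 2
    e_type, = struct.unpack_from("<H", elf, 16)
    phoff, = struct.unpack_from("<Q" if is64 else "<I", elf, 32 if is64 else 28)
    phentsize, phnum = struct.unpack_from("<HH", elf, 54 if is64 else 42)
    segs = {}  # p_type -> (p_flags, p_offset, p_filesz)
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:
            p_type, flags, off, _, _, size = struct.unpack_from("<IIQQQQ", elf, base)
        else:
            p_type, off, _, _, size, _, flags = struct.unpack_from("<7I", elf, base)
        segs[p_type] = (flags, off, size)
    bind_now = False
    _, off, size = segs.get(PT_DYNAMIC, (0, 0, 0))
    for tag, val in struct.iter_unpack("<qQ" if is64 else "<iI", elf[off:off + size]):
        if tag == DT_NULL:
            break
        # -z now shows up as DT_BIND_NOW, DF_BIND_NOW (0x8) or DF_1_NOW (0x1)
        bind_now |= (tag == DT_BIND_NOW or (tag == DT_FLAGS and bool(val & 0x8))
                     or (tag == DT_FLAGS_1 and bool(val & 0x1)))
    return {
        "pie": e_type == ET_DYN,  # note: shared libraries are ET_DYN too
        "nx_stack": PT_GNU_STACK in segs and not segs[PT_GNU_STACK][0] & PF_X,
        "relro": "none" if PT_GNU_RELRO not in segs else "full" if bind_now else "partial",
    }

def build_sample(e_type, stack_flags, relro, now):
    """Constructed ELF64 image for the demo: header, phdrs and a tiny .dynamic."""
    dyn = struct.pack("<qQqQ", DT_FLAGS, 0x8 if now else 0, DT_NULL, 0)
    phdrs = [(PT_GNU_STACK, stack_flags, 0, 0)] + ([(PT_GNU_RELRO, 4, 0, 0)] if relro else [])
    phdrs.append((PT_DYNAMIC, 6, 64 + 56 * (len(phdrs) + 1), len(dyn)))
    ehdr = struct.pack("<4s5B7xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0, 0,
                       e_type, 183, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, n, n, 8) for t, f, o, n in phdrs)
    return ehdr + body + dyn

if __name__ == "__main__":
    print(hardening(build_sample(ET_DYN, 6, True, True)))     # hardened build
    print(hardening(build_sample(ET_EXEC, 7, False, False)))  # legacy build
```

To audit a real binary, pass its bytes to `hardening`, for example `hardening(open(path, "rb").read())`.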

Jelly Bean 4.2

  • FORTIFY_SOURCE for system code
    • Compiler adds bounds checks to buffer operations when the buffer size can be determined at compilation time
    • Level 1 for Android 4.2
    • Level 2 for Android 4.4
  • ADB authentication
    • RSA pairing

Jelly Bean 4.3

  • Trusted Platform Module (TPM) support
  • SELinux permissive mode

KitKat 4.4

  • dm-verity on boot
    • Verified booting
    • Provides transparent integrity checking of block devices
    • Helps prevent persistent rootkits that can hold onto root privileges and compromise devices
  • SELinux enforcing mode
    • All root domain binaries run in enforcing mode. Others run in permissive mode.
  • Disabling battery usage information from 3rd party applications

Lollipop 5.0

  • Factory reset protection requires the user's password before a factory reset can be performed
  • Android Smart Lock allows unlocking when a trusted peripheral (e.g. a smartwatch) is nearby
  • Guest user account
  • Security Enforcement
    • Non-PIE linker support removed – Only PIE binaries are allowed to run, so ASLR can shuffle everything including executable parts.
    • Full disk encryption by default – Performance degrades by 2~5 times in 5.0.

* This does not represent a complete security feature update history in Android but an aggregation of important milestones.

2 thoughts on “Android Security Evolution”

    1. Thx Mike! I looked up in “Security Enhancement in Android 5.0 in Android website”. They are really there. Not many mention about this.
