Android is the most widely used mobile operating system in the world. It currently holds more than 65 percent of the global market share, with over a billion users. As evidenced by the Stagefright bug scare and the recent HummingBad infections, hackers are shifting their attention to mobile platforms, and the security of these devices is as critical as ever.
Google understands this very well, so it is shoring up the defenses of the Android operating system in its next iteration. Android 7.0 "Nougat," the next stable build, will have significant security enhancements to protect users against major exploits and attacks.
The improvements are based on Linux security models that protect the kernel from malicious code. Linux is the operating system from which Android is derived.
In a Google Security Blog post published on Wednesday, Jeff Vander Stoep of the Android Security team detailed two categories of high-level protections that will be enabled within Android. These are memory protections and attack surface reduction.
Memory protection includes the segmentation of kernel memory into logical sections, with specific permissions on each section. These sections will be marked as no-execute, read-only or read-write so existing code can't be modified. This means malware can no longer execute in these critical kernel memory spaces.
Google will also restrict kernel access to userspace. Shielding userspace from direct access by the kernel makes attacks harder to execute, since hackers have less control over exploitable kernel memory.
Another memory protection mechanism is improved stack buffer overflow prevention. Stack buffer overflow exploits occur when a malicious program tries to write more data than the operating system reserves for the buffer, causing memory corruption that can open holes for injecting malicious code. To counter this, Google is adding a "stack-protector-strong" option to its compiler.
For attack surface reduction, Google trimmed code, removed access to entry points and limited the exposure of features to users without disrupting functionality. One way it does this is by removing regular users' default access to debug features. This will prevent hackers from developing malware that exploits Android's built-in debugging tools.
Google will also limit how apps access Input/Output Control (IOCTL) commands. IOCTL commands allow apps to communicate with device drivers, but most reported Android vulnerabilities exploit this hole. Android 7.0 Nougat will restrict apps to a small whitelist of the IOCTL commands that are required for functionality.
One last improvement for attack surface reduction is the requirement of the sandboxing mechanism SECCOMP for all devices running Nougat. This is said to dramatically reduce the exposed attack surface of the kernel. Basically, this mechanism will restrict system calls to the kernel using a filter. This was already introduced on Nexus devices running Lollipop to strengthen their media component security.
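The filtering described above, shown as an added example (not code from Google's blog post or from Android): a minimal seccomp-BPF allowlist in C. The three permitted system calls and the helper names `verdict` and `install_allowlist` are assumptions chosen for illustration; `verdict` dry-runs the filter in user space so its decisions can be checked without installing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif

/* Constructed allowlist: reject foreign ABIs first (syscall numbers differ per
 * architecture), then allow read, write and exit_group and kill on anything else. */
static struct sock_filter allowlist[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 4),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_read, 3, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write, 2, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};
#define ALLOWLIST_LEN (sizeof(allowlist) / sizeof(allowlist[0]))

/* Dry run: interpret the filter in user space for one syscall, without installing it. */
uint32_t verdict(uint32_t arch, int nr) {
    struct seccomp_data d = { .nr = nr, .arch = arch };
    uint32_t acc = 0;
    for (size_t pc = 0; pc < ALLOWLIST_LEN; pc++) {
        const struct sock_filter *f = &allowlist[pc];
        if (f->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + f->k, sizeof acc);  /* load a field */
        else if (f->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == f->k) ? f->jt : f->jf;  /* relative jump, then pc++ */
        else if (f->code == (BPF_RET | BPF_K))
            return f->k;
    }
    return SECCOMP_RET_KILL;  /* fail closed if the program falls off the end */
}
/* Install the filter on the calling thread; returns 0 on success, -1 on error. */
int install_allowlist(void) {
    struct sock_fprog prog = { .len = (unsigned short)ALLOWLIST_LEN, .filter = allowlist };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Once `install_allowlist()` succeeds the filter cannot be removed, and it is inherited by any child process or thread the caller creates.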
Looking forward, Google plans to bring more Linux-derived kernel protection mechanisms to Android. These include developing compiler defenses through the Kernel Self Protection Project and more sandboxing features like SELinux and Minijail. Google will also improve bug discovery and crash analysis with the kasan and kcov projects.
To read more about Google's security enhancements for Android 7.0 Nougat, visit their official security blog.