Android 9 Pie Has Released Officially
Finally, after long-term developing, the latest release of Android 9 Pie launched.
Android 9 Pie to make your phone smarter and simpler. More than 140,000 tried its preview builds through the Android Beta program. It is currently rolling out to Pixel devices and soon it would be launched on all smartphone devices in coming months.
Here are Seven Security Features of Android 9 Pie:
1. Biometrics Sensors
Android 9 Pie introduces a system-managed dialog to prompt the user for any supported type of biometric authentication.
By improving biometrics-based authentication in Android P:
- Defining a better model to measure biometric security, and using that to functionally constrain weaker authentication methods.
- Providing a common platform-provided entry point for developers to integrate biometric authentication into their apps.
2. Android Protected Confirmation
Android 9 Pie introduces Protected Confirmation, this security feature will help you to make your secure Payment. Which uses the Trusted Execution Environment (TEE) to guarantee that a given prompt string is shown and confirmed by the user. Only after successful user confirmation will the TEE then sign the prompt string, which the app can verify.
3. Private Keys Protection
It prevents unauthorized access. Added StrongBox as a new KeyStore type, providing API support for devices that provide key storage in tamper-resistant hardware with isolated CPU, RAM, and secure flash.
4. DNS over TLS
Android 9 adds built-in support for DNS over TLS, automatically upgrading DNS queries to TLS if a network’s DNS server supports it. Users can manage DNS over TLS behavior in a new Private DNS Mode in Network & internet settings. Apps that perform their own DNS queries can use a new API, LinkProperties.isPrivateDnsActive(), to check the DNS mode.
Like HTTPS, DNS over TLS uses the TLS protocol to establish a secure channel to the server. Once the secure channel is established, DNS queries and responses can’t be read or modified by anyone else who might be monitoring the connection. (The secure channel only applies to DNS, so it can’t protect users from other kinds of security and privacy violations.)
DNS over TLS mode automatically secures the DNS queries from all apps on the system.
5. Default HTTPS
Mobile devices are especially at risk because they regularly connect to many different networks, such as the Wi-Fi at a coffee shop.
All traffic should be encrypted, regardless of content, as any unencrypted connections can be used to inject content, increase attack surface for potentially vulnerable client code, or track the user.
In Android P developer changing the defaults for Network Security Configuration to block all cleartext traffic. You’ll now need to make connections over Transport Layer Security (TLS), unless you explicitly opt-in to cleartext for specific domains.
6. Compiler-based Security Mitigation in Android Pie
In Android 9 developers expanded our use of compiler-level mitigations to harden the platform through run-time detection of dangerous behavior. Control Flow Integrity (CFI) techniques help to prevent code-reuse attacks and arbitrary code execution.
In Android 9, Control Flow Integrity (CFI) is enabled by default widely within the media frameworks and other security-critical components, such as NFC and Bluetooth.
Also, they included Integer overflow sanitizers to mitigate memory-corruption and information-disclosure vulnerabilities.
As we learnt from many apps that they are asking to enable microphone or camera for accessing the app. But now it is limited access on Android P.
Android 9 Pie limits the ability for background apps to access user input and sensor data. If your app is running in the background on a device running Android 9, the system applies the following restrictions to your app:
- Your app cannot access the microphone or camera.
- Sensors that use the continuous reporting mode, such as accelerometers and gyroscopes, don’t receive events.
- Sensors that use the on-change or one-shot reporting modes don’t receive events.
The new sensor manager feature will alert you if an app tries to use your Mic and Camera.