{"id":12929,"date":"2018-07-27T12:10:09","date_gmt":"2018-07-27T20:10:09","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/07\/27\/news-6696\/"},"modified":"2018-07-27T12:10:09","modified_gmt":"2018-07-27T20:10:09","slug":"news-6696","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/07\/27\/news-6696\/","title":{"rendered":"New Android P includes several security improvements"},"content":{"rendered":"

Credit to Author: Gleb Malygin| Date: Fri, 27 Jul 2018 19:12:28 +0000<\/strong><\/p>\n

According to the Android developer\u00a0Program Overview,<\/a> the next major version of Android, Android 9.0 or P, is set to arrive soon. Their plans show a final release within the next three months (Q3 2018).<\/p>\n

\"\"<\/p>\n

The end of the Android P beta program is approaching, with the first release candidate built and released in July. As a security company, we simply can’t help but take a close look at what kind of security updates will be included in Android’s newest version.<\/p>\n

We are not going to write about new features<\/a>\u00a0of Android P, but instead will focus our attention on security improvements. Android P introduces a number of updates that enhance the security of your apps and the devices that run them.<\/p>\n

Improved fingerprint authentication<\/h3>\n

For our own safety, most devices (and many apps) have an authentication mechanism. The new Android P OS provides improved biometrics-based<\/a> authentication. In Android 8.1, there were\u00a0two new metrics<\/a>\u00a0that helped its biometric system repel attacks: Spoof Accept Rate (SAR) and Imposter Accept Rate (IAR). Along with a new model that splits biometric security into weak and strong, biometric authentication becomes more reliable and trustworthy in Android P.<\/p>\n

Android P also promises to deliver a standardized look, feel, and placement for the dialog that requests a fingerprint. This increases user’s confidence that they are interacting with a trusted source. App developers can trigger the new system fingerprint dialog using a new BiometricPrompt API<\/a>, and it’s recommended to switch over to the new system dialog as soon as possible. The platform itself selects an appropriate biometric to authenticate with; thus developers don\u2019t need to implement this logic by themselves.<\/p>\n

Biometric authentication mechanisms are becoming increasingly popular and they have a lot of potential, but only if designed securely, measured accurately, and implemented correctly.<\/p>\n

Signature Scheme v3<\/h3>\n

Android P pushes support for APK Signature Scheme v3. The major difference from v2 is key rotation support. Key rotation will be useful for developers, as this scheme has ApkSignerLineage included. As the review committee<\/a> states:<\/p>\n

\n

\u201cThe signer lineage contains a history of signing certificates with each ancestor attesting to the validity of its descendant. Each additional descendant represents a new identity that can sign an APK. In this way, the lineage contains a proof of rotation by which the APK containing it can demonstrate, to other parties, its ability to be trusted with its current signing certificate, as though it were signed by one of its older ones. Each signing certificate also maintains flags which describe how the APK itself would like to trust the old certificates, if at all, when encountered.\u201d<\/em><\/p>\n<\/blockquote>\n

This gives you an opportunity to sign with a new certificate easily. You simply link the APK files to the ones with which they are now signed.<\/p>\n

Although Scheme v3 turns on by default, note that you can still use an old signing certificate.<\/p>\n

HTTP Secure (HTTPS<\/em>) by default<\/h3>\n

Nowadays, many apps are still transmitting users\u2019 information unencrypted, making personal data vulnerable to hackers. People bothered by potential for breach or invasion of privacy can feel more secure knowing their transmissions in Android P will be secure by default.<\/p>\n

In Android P, third-party developers will have to enable HTTPS (It was optional in Android 8.0) for their apps. However, they can still ignore the advice and specify certain domains that will deliver unencrypted traffic.<\/p>\n

Protected confirmation<\/h3>\n

A protected confirmation API exists in all devices launched with Android P. Using this API, apps can use the\u00a0ConfirmationPrompt<\/a>\u00a0class to display confirmation prompts to the user, asking them to approve a short statement. This statement allows the app to confirm that the user would like to complete a sensitive transaction, such as making a bill payment.<\/p>\n

Right after the statement acceptance, your app receives a cryptographic signature, protected by a keyed-hash message authentication code (HMAC). The signature is produced by the trusted execution environment (TEE). This protects the display of the confirmation dialog, as well as user input. The signature indicates, with high confidence, that the user has seen the statement and has agreed to it.<\/p>\n

Hardware security module<\/h3>\n

Here\u2019s an additional update that benefits everyone: Devices with Android P will be supporting a StrongBox Keymaster. The module contains its own CPU, secure storage, and a true random number generator. It also protects against package tampering and unauthorized sideloading of apps.<\/p>\n

In order to support StrongBox implementations, Android P uses subset of algorithms and key sizes, such as:<\/p>\n