Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

10/10/2017
09:00 AM
Dawn Kawamoto
Dawn Kawamoto
Slideshows
50%
50%

Key New Security Features in Android Oreo

Android 8.0 Oreo marks a major revamp of Google's mobile operating system, putting in a number of new security-hardening measures.
Previous
1 of 8
Next

Image Source: Maria Babak via Shutterstock

Image Source: Maria Babak via Shutterstock

Google is serving up a number of new security features in it new Android 8.0 Oreo - one of which is expected to put it on par with Apple's iOS when it comes to delivering software updates, say security researchers.

Android devices, which are notorious for falling behind on operating system (OS) updates and patches, should have a speedier path to the latest version of the OS under Oreo's so-called Project Treble feature.

"Enterprises will be able to maintain a more up to date fleet of devices that are patched against vulnerabilities that can lead to the loss of data," says Andrew Blaich, security researcher at Lookout.

The downside, however, is that existing devices that are not capable of supporting Android's Project Treble are likely to be left behind. As a result, Blaich adds, enterprises that fall into that camp will need to shell out more money on newer devices to take advantage of the new security features.

Oreo, which launched in August, is available on Google's Pixel and Nexus mobile devices. It will be rolled out in phases by the end of the year to other Android device manufacturers such as, Samsung, Motorola, LG, HTC, and others, according to Google's developers blog.

Most phone vendors are actively porting the Project Treble abstraction layer over to their platforms, says Brian Chappell, senior director of enterprise and solutions architecture for BeyondTrust.

Even so, not all older Android devices updated with Oreo will also have Project Treble support, Blaich cautions.

Here are seven of the hottest new security features in Android Oreo, including Project Treble: 

 

Dawn Kawamoto is an Associate Editor for Dark Reading, where she covers cybersecurity news and trends. She is an award-winning journalist who has written and edited technology, management, leadership, career, finance, and innovation stories for such publications as CNET's ... View Full Bio

Previous
1 of 8
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Mr Phen375
50%
50%
Mr Phen375,
User Rank: Apprentice
10/17/2017 | 4:04:47 AM
Do They Work
I doubt if these security features work.
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.