- Google develops Android Verified Boot 2.0 with Project Treble .
- Android Oreo includes new OEM Lock Hardware Abstractions Layer.
- Google implements Control Flow Integration (CFI) .
Google has explained all the key Security enhancement that it has designed for android Ore. The Latest Android version is already on many of mobile Device like recently Google pixel and Nexus Mobile Model .In the last November analysis that it is only covers 0.5 Percent active Android device .
We Know that Android Marsh Nougat already improved Hardware Security on Mobile Device . But Google wants more improved version . so Google has provided a new Position with verified Boot that is designed . its main feature is bearded device from booting up with tampered software . The reference implementation, called Android verified Boot 2.0, runs with Project Triple to enabler security updates such as a common footer format and rollback protection . The latter among the two is designed to prevent a device to boot if downgraded to an older OS version, which could include some vulnerabilities. Initially, Google’s Pixel 2 and Pixel 2 XL are available with the newest development, though the Android maker recommends all device manufacturers to add the same feature to their new devices.
The new version verified Boot updates ,Android Ore Includes the new Lock hardware Abstractions Layer which is allow device manufacture how they secure whether device locked, unlocked, or unlock able . Google has also implement temper resistant hardware attack on the New pixel 2 family .it is also resists physical diffusion attack.
Android Ore Version is also enable Isolation by direct hardware access from ht default media frame works Integration (CFI) across all media components to disallow arbitrary changes to the original control flow graph to make it harder for attackers to perform malicious activities. Oreo version also has seccomp filtering, hardened usercopy, Privileged Access Never (PAN) emulation, and Kernel Address Space Layout Randomisation (KASLR). Additionally, Google has isolated Web View by splitting the rendering engine into a separate process and running the same in an isolated sandbox to restrict external