
Saturday, October 27, 2018

Welcoming Android 8.1 Oreo and Android Oreo (Go edition)

Posted by Dave Burke, VP of Engineering

At Google for India this Monday, we announced the final release of Android 8.1 Oreo. Android 8.1 Oreo is another exciting step toward bringing to life our vision of an AI-first mobile platform, for everyone, everywhere.

Android 8.1 introduces support for our new Android Oreo (Go edition) software experience for entry-level devices. Android Oreo (Go edition) brings the best of Android to the rapidly growing market for low-memory devices around the world, including your apps and games.

Android 8.1 also introduces the Neural Networks API, a hardware accelerated machine learning runtime to support ML capabilities in your apps. On supported devices, the Neural Networks API enables fast and efficient inference for a range of key use cases, starting with vision-based object classification.

You can get started with Android 8.1 Oreo (API level 27) today. We're pushing sources to Android Open Source Project now, and rolling out the update to supported Pixel and Nexus devices over the next week. We're also working with our device maker partners to bring Android 8.1 to more devices, including Android Oreo (Go edition) devices, in the months ahead.

Android Oreo (Go edition)

As announced at Google I/O 2017, the "Android Go" project is our initiative to optimize the Android experience for billions of people coming online around the world. Starting with Android 8.1, we're making Android a great platform for entry-level devices in the Android Oreo (Go edition) configuration:

  • Memory optimizations -- Improved memory usage across the platform to ensure that apps can run efficiently on devices with 1GB or less RAM.
  • Flexible targeting options -- New hardware feature constants to let you target the distribution of your apps to normal or low-RAM devices through Google Play.
  • Optimized Google apps: Rebuilt and optimized versions of Google apps, using less memory, storage space, and mobile data.
  • Google Play: While all apps will be available on Android Oreo (Go edition) devices, Google Play will give visibility to apps specifically optimized by developers to provide a great experience for billions of people with the building for billions guidelines.

We've updated the building for billions guidelines with additional guidance on how to optimize your app for Android Oreo (Go edition) devices. For most developers, optimizing your existing APK or using Google Play's Multiple APK feature to target a version of your APK to low-RAM devices is the best way to prepare for Android Oreo (Go edition) devices. Remember that making your app lighter and more efficient benefits your whole audience, regardless of device.

Neural Networks API

The Neural Networks API provides accelerated computation and inference for on-device machine learning frameworks like TensorFlow Lite -- Google's cross-platform ML library for mobile -- as well as Caffe2 and others. TensorFlow Lite is now available to developers, so visit the TensorFlow Lite open source repo for downloads and docs. TensorFlow Lite works with the Neural Networks API to run models like MobileNets, Inception v3, and Smart Reply efficiently on your mobile device.

Autofill enhancements and more

Android 8.1 includes select new features and developer APIs (API level 27), along with the latest optimizations, bug fixes, and security patches. Extend your app with Autofill enhancements, a SharedMemory API, and more. You can also add established Android Oreo features; see the Android Oreo site for details.

Test your apps on Android 8.1

If you haven't already, take a few moments today to test your apps and make sure they offer the experience you want for users upgrading to Android 8.1 Oreo.

Just install your current app from Google Play onto a device or emulator running Android Oreo and test the user flows. The app should run and look great, and handle the Android Oreo behavior changes properly. In particular, pay attention to background location limits, notification channels, and changes in networking, security, and identifiers.

Speed your development with Android Studio

To build with Android 8.1, we recommend updating to Android Studio 3.0, which is now available from the stable channel. On top of the new app performance profiling tools, support for the Kotlin programming language, and Gradle build optimizations, Android Studio 3.0 makes it easier to develop for Android Oreo features like Instant Apps, XML Fonts, downloadable fonts, and adaptive icons.

With the final platform we're updating the SDK and build tools in Android Studio, as well as the API Level 27 emulator system images. We recommend updating to the Android Support Library 27.0.2, which is available from Google's Maven repository. See the version notes for details on what's new.

As always, we're providing downloadable factory and OTA images on the Nexus Images page to help you do final testing on your Pixel and Nexus devices.

Publish your updates to Google Play

When you're ready, you can publish your APK updates targeting API level 27 in your alpha, beta, or production channels. Make sure that your updated app runs well on Android Oreo as well as older versions. We recommend using beta testing to get early feedback from a small group of users and a pre-launch report to help you identify any issues, then do a staged rollout. Head over to the Android Developers site to find more information on launch best practices. We're looking forward to seeing your app updates!

What's next for Android Oreo?

We'll soon be closing the Developer Preview issue tracker, but please keep the feedback coming! If you still see an issue that you filed in the preview tracker, just file a new issue against Android 8.1 in the AOSP issue tracker. You can also continue to give us feedback or ask questions in the developer community.

Friday, October 26, 2018

Double Stuffed Security in Android Oreo


Posted by Gian G Spicuzza, Android Security team

Android Oreo is stuffed full of security enhancements. Over the past few months, we've covered how we've improved the security of the Android platform and its applications: from making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, making Android easier to update, all the way to doubling the Android Security Rewards payouts. Now that Oreo is out the door, let's take a look at all the goodness inside.

Expanding support for hardware security

Android already supports Verified Boot, which is designed to prevent devices from booting up with software that has been tampered with. In Android Oreo, we added a reference implementation for Verified Boot running with Project Treble, called Android Verified Boot 2.0 (AVB). AVB has a couple of cool features to make updates easier and more secure, such as a common footer format and rollback protection. Rollback protection is designed to prevent a device from booting if downgraded to an older OS version, which could be vulnerable to an exploit. To do this, the devices save the OS version using either special hardware or by having the Trusted Execution Environment (TEE) sign the data. Pixel 2 and Pixel 2 XL come with this protection and we recommend all device manufacturers add this feature to their new devices.
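The rollback check described above, modeled as an added example (not AVB's code and not part of the original post): the saved OS version is authenticated with an HMAC standing in for the TEE signature, and an image older than the saved version is refused. The key, version numbers and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

def seal(tee_key: bytes, rollback_index: int) -> bytes:
    """Model of the TEE signing the saved OS version: 8-byte index + tag."""
    payload = struct.pack(">Q", rollback_index)
    return payload + hmac.new(tee_key, payload, hashlib.sha256).digest()

def unseal(tee_key: bytes, blob: bytes):
    """Return the saved index, or None if the blob was modified or truncated."""
    if len(blob) != 8 + TAG_LEN:
        return None
    payload, tag = blob[:8], blob[8:]
    expected = hmac.new(tee_key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return struct.unpack(">Q", payload)[0]

def boot_decision(tee_key: bytes, stored_blob: bytes, image_index: int):
    """Decide whether an image may boot; returns (verdict, blob_to_persist).

    Assumes image_index comes from image metadata whose signature has
    already been verified. The saved index only ever moves forward.
    """
    stored = unseal(tee_key, stored_blob)
    if stored is None:
        return "refuse: stored version failed authentication", stored_blob
    if image_index < stored:
        return f"refuse: rollback (image {image_index} < stored {stored})", stored_blob
    # Simplification: ratchet immediately. A device with A/B slots would delay
    # this until the new slot is confirmed good, so a failed update can fall back.
    return "boot", seal(tee_key, max(stored, image_index))

if __name__ == "__main__":
    key = bytes(range(32))            # constructed stand-in for a TEE-held key
    state = seal(key, 5)              # device last booted version 5
    for idx in (5, 7, 6):             # same version, upgrade, then downgrade
        verdict, state = boot_decision(key, state, idx)
        print(idx, verdict)
    forged = struct.pack(">Q", 0) + state[8:]  # index rewritten, old tag kept
    print(boot_decision(key, forged, 6)[0])
```

Without the authentication step, anyone able to rewrite the saved version in ordinary storage could lower it and then boot the older image, which is why the post calls for special hardware or a TEE signature.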

Oreo also includes the new OEM Lock Hardware Abstraction Layer (HAL) that gives device manufacturers more flexibility for how they protect whether a device is locked, unlocked, or unlockable. For example, the new Pixel phones use this HAL to pass commands to the bootloader. The bootloader analyzes these commands the next time the device boots and determines if changes to the locks, which are securely stored in Replay Protected Memory Block (RPMB), should happen. If your device is stolen, these safeguards are designed to prevent your device from being reset and to keep your data secure. This new HAL even supports moving the lock state to dedicated hardware.

Speaking of hardware, we've invested support in tamper-resistant hardware, such as the security module found in every Pixel 2 and Pixel 2 XL. This physical chip prevents many software and hardware attacks and is also resistant to physical penetration attacks. The security module prevents deriving the encryption key without the device's passcode and limits the rate of unlock attempts, which makes many attacks infeasible due to time restrictions.

While the new Pixel devices have the special security module, all new GMS devices shipping with Android Oreo are required to implement key attestation. This provides a mechanism for strongly attesting IDs such as hardware identifiers.

We added new features for enterprise-managed devices as well. In work profiles, encryption keys are now ejected from RAM when the profile is off or when your company's admin remotely locks the profile. This helps secure enterprise data at rest.

Platform hardening and process isolation

As part of Project Treble, the Android framework was re-architected to make updates easier and less costly for device manufacturers. This separation of platform and vendor-code was also designed to improve security. Following the principle of least privilege, these HALs run in their own sandbox and only have access to the drivers and permissions that are absolutely necessary.

Continuing with the media stack hardening in Android Nougat, most direct hardware access has been removed from the media frameworks in Oreo resulting in better isolation. Furthermore, we've enabled Control Flow Integrity (CFI) across all media components. Most vulnerabilities today are exploited by subverting the normal control flow of an application, instead changing them to perform arbitrary malicious activities with all the privileges of the exploited application. CFI is a robust security mechanism that disallows arbitrary changes to the original control flow graph of a compiled binary, making it significantly harder to perform such attacks.

In addition to these architecture changes and CFI, Android Oreo comes with a feast of other tasty platform security enhancements:

  • Seccomp filtering: makes some unused syscalls unavailable to apps so that they can't be exploited by potentially harmful apps.
  • Hardened usercopy: A recent survey of security bugs on Android revealed that invalid or missing bounds checking was seen in close to 45% of kernel vulnerabilities. We've backported a bounds checking feature to Android kernels 3.18 and above, which makes exploitation harder while also helping developers spot issues and fix bugs in their code.
  • Privileged Access Never (PAN) emulation: Also backported to 3.18 kernels and above, this feature prohibits the kernel from accessing user space directly and ensures developers utilize the hardened functions to access user space.
  • Kernel Address Space Layout Randomization (KASLR): Although Android has supported userspace Address Space Layout Randomization (ASLR) for years, we've backported KASLR to help mitigate vulnerabilities on Android kernels 4.4 and newer. KASLR works by randomizing the location where kernel code is loaded on each boot, making code reuse attacks probabilistic and therefore more difficult to carry out, especially remotely.

App security and device identifier changes

Android Instant Apps run in a restricted sandbox which limits permissions and capabilities such as reading the on-device app list or transmitting cleartext traffic. Although introduced during the Android Oreo release, Instant Apps supports devices running Android Lollipop and later.

In order to handle untrusted content more safely, we've isolated WebView by splitting the rendering engine into a separate process and running it within an isolated sandbox that restricts its resources. WebView also supports Safe Browsing to protect against potentially dangerous sites.

Lastly, we've made significant changes to device identifiers to give users more control, including:

  • Moving the static Android ID and Widevine values to an app-specific value, which helps limit the use of device-scoped non-resettable IDs.
  • In accordance with IETF RFC 7844 anonymity profile, net.hostname is now empty and the DHCP client no longer sends a hostname.
  • For apps that require a device ID, we've built a Build.getSerial() API and protected it behind a permission.
  • Alongside security researchers¹, we designed a robust MAC address randomization for Wi-Fi scan traffic in various chipsets firmware.

Android Oreo brings in all of these improvements, and many more. As always, we appreciate feedback and welcome suggestions for how we can improve Android. Contact us at security@android.com.

_____________________________________________________________________

1: Glenn Wilkinson and team at Sensepost, UK, Célestin Matte, Mathieu Cunche: University of Lyon, INSA-Lyon, CITI Lab, Inria Privatics, Mathy Vanhoef, KU Leuven