Android 9.0 could ship a security mechanism

that blocks camera access for applications running in the background

According to a recent commit on the Android Open Source Project (AOSP), Google engineers have implemented a new security feature in the Security-Enhanced Linux (SELinux) module that prevents inactive applications or services running in the background, identified by their UID (user ID), from accessing the camera.

More precisely, after a certain period, which is either set by the user or left at its default value, the security feature no longer allows inactive applications or services running in the background to access the camera. The measure is probably intended to stop potential spyware or other malicious programs from spying on you through the camera.

“If the UID becomes inactive, we generate an error and close the cameras for this UID,” reads the commit. “If an application in an idle user ID tries to use the camera, we immediately generate an error because applications must already handle these errors, so it’s possible to apply this policy to all applications to protect users’ privacy.”
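The two rules in the commit quote above, modelled as a small state machine in an added example (this is not AOSP code). The class and method names, the 60-second timeout and the sample UID are assumptions made for illustration.

```python
"""Toy model of the idle-UID camera policy described in the commit quote.

Not AOSP code: names, the timeout value and the sample UID are constructed.
"""
from dataclasses import dataclass, field

DEFAULT_IDLE_AFTER_S = 60  # assumed default; the page gives no figure


class CameraAccessError(Exception):
    """Stands in for the error the camera stack delivers to a client."""


@dataclass
class CameraServiceModel:
    idle_after_s: int = DEFAULT_IDLE_AFTER_S
    last_active: dict = field(default_factory=dict)   # uid -> last foreground time
    open_cameras: dict = field(default_factory=dict)  # uid -> set of camera ids
    errors: list = field(default_factory=list)        # (uid, camera_id, reason)

    def mark_active(self, uid, now):
        """Record foreground activity for a UID (hypothetical hook)."""
        self.last_active[uid] = now

    def is_idle(self, uid, now):
        """A UID is idle if it was never seen or has been quiet too long."""
        seen = self.last_active.get(uid)
        return seen is None or now - seen >= self.idle_after_s

    def open_camera(self, uid, camera_id, now):
        """Rule 2: an idle UID gets an error immediately on open."""
        if self.is_idle(uid, now):
            self.errors.append((uid, camera_id, "open-denied-idle"))
            raise CameraAccessError(f"uid {uid} is idle")
        self.open_cameras.setdefault(uid, set()).add(camera_id)

    def tick(self, now):
        """Rule 1: when a UID turns idle, error out and close its cameras."""
        closed = []
        for uid in list(self.open_cameras):
            if self.is_idle(uid, now):
                for cam in sorted(self.open_cameras.pop(uid)):
                    self.errors.append((uid, cam, "closed-uid-idle"))
                    closed.append((uid, cam))
        return closed


def run_scenario():
    """Constructed timeline: app 10001 is used, then left in the background."""
    svc = CameraServiceModel(idle_after_s=60)
    log = []
    svc.mark_active(10001, now=0)
    svc.open_camera(10001, "back", now=5)
    log.append(("tick@30", svc.tick(now=30)))      # still active: nothing closed
    log.append(("tick@65", svc.tick(now=65)))      # idle: camera closed
    try:
        svc.open_camera(10001, "back", now=70)     # background re-open attempt
        log.append(("open@70", "granted"))
    except CameraAccessError:
        log.append(("open@70", "denied"))
    svc.mark_active(10001, now=80)                 # user brings the app back
    svc.open_camera(10001, "back", now=81)
    log.append(("open@81", "granted"))
    return log, svc.errors


if __name__ == "__main__":
    for entry in run_scenario()[0]:
        print(entry)
```

Because both rules surface as an ordinary camera error, a client that already handles camera errors needs no new code path, which is the reason the commit gives for applying the policy to all applications.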

This new security feature, which will be deployed with Android P to block camera access for inactive apps in the background, shows that Google wants to take more significant steps to protect Android users. Andrew Ahn, Product Manager on the Google Play team, said in late January that “Google Play is committed to providing a safe experience for billions of Android users to find and discover such applications. Over the years, this commitment has made Google Play a more reliable and secure place.”

According to him, last year Google more than halved the probability that a user would install a bad application, “protecting people and their devices, and making the task more difficult for those who seek to abuse the ecosystem of apps on Google Play for their own benefit.”

He went on to say that “in 2017 we removed more than 700,000 apps that violated the rules of Google Play, 70% more than the applications removed in 2016. Not only have we removed other bad apps, but we could also identify them. In fact, 99% of applications with abusive content have been identified and rejected before anyone can install them. This has been possible because of significant improvements in our ability to detect abuse – such as identity theft, inappropriate content, or malware – through new models and machine learning techniques.”

In addition, given that its app store has reached record highs (more than 19 billion in the fourth quarter of 2017 alone), it is important for Google to redouble its efforts to better protect its users.

Android P – no photos or videos taken without your knowledge, Google will block access to the camera!

Android P, the next Google OS, will not allow applications to take photos or videos without your knowledge: Google will block access to the camera. That is a boon for privacy, but also for smartphone battery life. Google is reportedly working on such a feature for the next major version of Android, according to an interpretation of lines of code found in the Android Open Source Project.

Android P, which could be called Android Pie in reference to Pi, will further improve the security of its users through a feature revealed by XDA. A new rule on the use of the smartphone camera has appeared in a commit to the Android Open Source Project. The feature continues Google’s work on access to smartphone components, after Marshmallow and Oreo. Thus, no photo or video can be taken without your knowledge!

Android P: access to the camera blocked for inactive applications

Thanks to the open source nature of Android, it is possible to discover new features of the next Google OS. We know, for example, that Android P will record calls and that operators will be able to hide the strength of the network signal with Android P. A commit now reveals that the OS may block access to the camera when the request comes from an application considered inactive or running in the background.

This change will greatly limit what malicious applications running in the background can do. To capture images, an application will have to be in the foreground and will be signaled to the user. It continues the work begun in Marshmallow, which already favored access for applications that are in the foreground and visible to the user, and in Android Oreo, already available for a list of smartphones, which displays a notification to the user when an application is running.

Thus, when Android P detects that an inactive application is trying to access the smartphone’s camera, it will generate an internal error and block access. It is therefore a boon for privacy protection, but also for smartphone battery life.

Android P could be called Android Pie in reference to the number Pi

Android P could well take the name Android Pie. The name would keep the tradition of cookies and desserts while giving a nod to the mathematical symbol: a way to be both sweet-toothed and geeky at once. Nothing is decided yet, of course, but Pi is said to be the code name used at Google for Android 9.0.

The name keeps to the tradition of sweets and desserts while referring to the mathematical constant Pi (3.14159265 …). Google developers reportedly use the code name Android Pi to refer to Android 9.0, says Mishaal Rahman, Android Open Source Project (AOSP) specialist for the site XDA Developers. Digging into the source code, he twice came across references to Pi. Of course, it may be a temporary name, and nothing will be certain until Google makes it official.

Rahman’s research has also taught him a little more about Project Treble, which speeds up the availability of Android updates. Introduced with Oreo, it would not be fully integrated before the arrival of Android P. Improvements in this area give hope that Android 9.0 will be adopted better than its predecessor: Oreo is installed on less than 1% of Android smartphones.

We still know very little about the future Android P. By the same means used to discover Android Pi, XDA Developers had already found that operators will be able to hide the strength of the network signal on Android 9.0. Google may also be focusing on its Android Go and Android Things ecosystems. We will have to wait several more months for any official communication about the next Google OS.

Android Messages: Google would prepare to deploy a Web client

So that you can answer your SMS and MMS on your computer

A year later, our colleagues at Android Police have found lines of code in version 2.9 of the application indicating that it is preparing to get a web interface. In practice, it means that we could view and respond to our SMS and MMS from a computer or tablet with ease. The procedure would be quite simple: visit a website, scan a QR code from the application, and voilà!

Another major change that accompanies it suggests that Google is tired of the slow deployment of RCS. The application would also push users to “write through Wi-Fi” in the future, using a new notification inviting them to change protocol.

Where things get really interesting is that Google offers to provide some services rather than waiting for the operators to be ready. A line even carries the words “chat features powered by Google”, giving the impression that Google could offer to act as an intermediary for your email.

Our colleagues also talk about integrated purchasing and payment features. In the United States and other countries where Google Wallet is available, it is already possible to send money to friends, but it would be more a matter of making purchases.

Before giving details of the lines of code scanned, the site has written a disclaimer:

“Disassemblies are based on evidence found inside apks (the Android application package) and are necessarily speculative and usually based on incomplete information. It is possible that the assumptions made here are totally and completely false. Even when the forecasts are correct, there is always a chance that plans can change or be completely canceled. Just like the rumors, nothing is certain until it is officially announced and published.

“The features described are probably not online yet, or can only be online for a small percentage of users. Unless otherwise noted, do not expect to see these features if you are installing the apk.”

Android Fragmentation – Oreo finally exceeds the 1% adoption mark

Nougat becomes the most used version of the operating system

Google has updated its dashboard for the fragmentation of its mobile operating system.

Like Android Nougat before it, the Android version Oreo took five months to pass the milestone of 1% adoption.

This month, Android Nougat has surpassed Android Marshmallow in terms of market share, which means that the second most recent version of Android is now the most widely used. The latest version of Android usually takes more than a year to become the most used version, and so far, it does not seem that the story of Oreo is different.

Here are the changes that were observed between January and February:

  • Android 8.0 / 8.1 Oreo (August 2017, December 2017): up 0.4 points to 1.1%.
  • Android 7.0 / 7.1 Nougat (August 2016, October 2016): up 2.2 points to 28.5%.
  • Android 6.0 Marshmallow (October 2015): down 0.5 points to 28.1%.
  • Android 5.0 / 5.1 Lollipop (November 2014, March 2015): down 0.5 points to 24.6%.
  • Android 4.4 KitKat (October 2013): down 0.8 points to 12.0%.
  • Android 4.1 / 4.2 / 4.3 Jelly Bean (July 2012, November 2012 and July 2013): down 0.6 points to 5.0%.
  • Android 4.0 Ice Cream Sandwich (December 2011): down 0.1 points to 0.4%.
  • Android 2.3 Gingerbread (December 2010): down 0.1 points to 0.3%.

As shown in the diagram above, the order of adoption of Android is now as follows: Nougat in first position, followed by Marshmallow, then Lollipop. KitKat is in fourth place while Jelly Bean is in fifth position. Oreo is in sixth place, Ice Cream Sandwich in seventh and Gingerbread in last position. All eyes are now on Oreo to see how fast it is going to nibble away at the others.

Google’s Platform Version tool uses data collected from the Google Play Store app, which requires the device to run on Android 2.2 or later. This means that devices running on older versions are not included in the statistics, let alone devices on which Google Play is not installed (like many Android phones and tablets in China, the Amazon Fire line, etc.). In addition, Android versions with adoption of less than 0.1%, such as Android 3.0 Honeycomb and Android 2.2 Froyo, are not listed. The two older Android versions will be deleted this year.

Android P will get a dramatic redesign and bring support for a notch like the iPhone X’s

According to Bloomberg, Google is working on a dramatic redesign of Android to support the next generation of smartphones, which could copy the notch of the iPhone X. The next major update of the mobile OS, code-named “Android P”, is expected later this year. It should bring better integration with Google’s personal assistant, better battery life and support for new designs, such as multiple screens and foldable screens.

The main goal of the next Android update is to persuade more iOS users to migrate to Google’s mobile OS. The search company intends to achieve this by improving the design of its mobile OS. Bloomberg reported that this update would be quite the opposite of the next iOS update, which should focus on performance and security.

Although Android continues to control the entry-level and mid-range segments of the global smartphone market, Apple controls the bulk of high-end sales, a segment that includes users spending more on apps and other services. For this reason, Google hopes that supporting the notch could help remedy this situation. This new design means that the next Android devices should have more space at the top of the screen to place cameras and other sensors, bringing new features that allow manufacturers to keep pace with Apple’s technology.

But despite the rapid development cycle of Android, the mobile OS continues to suffer from the problem of fragmentation. Out of more than one billion users, only a small minority runs the latest version, Android Oreo. Most users continue to use outdated versions of the OS, which exposes them to real security risks and damages Android’s reputation.

Google, which is a subsidiary of Alphabet, controls the software development of Android, while other manufacturers are responsible for the design of terminals. The search giant’s partners can also modify Android according to their needs, which means that not all the next Android smartphones will include the famous notch. This is especially true for Samsung, which has not missed the opportunity to make fun of Apple’s choice after the release of the iPhone X.

However, the fact that Google will support designs including a notch at the top of the screen suggests that the Mountain View firm hopes to see the design of the iPhone X gain popularity. For now, only one smartphone from Essential, a startup led by Andy Rubin, includes the design choice popularized by the iPhone X. But according to sources familiar with the subject, Huawei should also launch a smartphone with a similar design.

Android P should also focus on Google’s assistant, which competes with Apple’s Siri and Amazon’s Alexa. Rumors suggest that developers will finally be able to integrate Google Assistant into their applications.

Haven – the portable security system on Android proposed by Snowden

Can it compete with surveillance cameras?

The Freedom of the Press Foundation (an NGO whose mission is to defend the freedom of the press and help journalists revealing corruption, misdemeanors and mismanagement of governments) and the Guardian Project (an initiative developing secure, open and easy-to-use applications to protect communications and personal data) have launched a new Android application named Haven.

Its goal is to turn a phone into a mini-surveillance kit. Users can install the Haven app on their primary or secondary phone, and the app will rely on the phone’s sensors (microphone, motion detector, light sensor, and cameras) to analyze the surroundings for any change in environmental data.

For example, it will use the camera to detect motion and capture images, the accelerometer to detect when the phone is moved, the microphone to detect noise, and so on.

Haven only saves images and sound when it’s triggered by motion or pressing the volume key, and can store this information locally on the device or send it to another phone or to a remote website even when hosted on the Dark Web.

“The main view of the application allows the user to define which sensors to use and the corresponding sensitivity level,” explain Haven developers. “A security code must be provided, necessary to disable monitoring.”

You can position the device’s camera to capture visible movements, or set up your phone in a quiet place to listen for noises. You can receive secure notifications of intrusion events instantly and access remote logs later.

Edward Snowden, who is the president of the Foundation, and the rest of the development team created the app for use in the case of so-called “evil maid” attacks, an expression used to describe people with physical access to a device.

Users can then use Haven in different ways. They can leave the phone where Haven runs in their hotel room during their absence and receive notifications on another phone if someone enters the room.

They can also leave the Haven phone on a laptop or PC, and see if anyone is in front of the PC or trying to move the phone to access the laptop (and sensitive data contained in the PC).

They can install a Haven phone inside a safe and see if anyone else accesses its contents when they are away.

Android now gives indications on the speed of a Wi-Fi network

The mobile device will need to be Oreo compatible

So far, Android smartphone users have had a single indicator for their connection to a Wi-Fi network: signal strength. With Android Oreo, or for those who like numbers, version 8.1 of Google’s mobile operating system available since December 2017, the Mountain View firm has decided to take a step forward. The latest version of its mobile operating system allows users to be informed of the speed of a Wi-Fi network before deciding to connect to it.

Thus, next to the traditional bar icon showing the strength of a Wi-Fi signal, a speed indication will appear under the name of a network. Google states that its operating system will return speed information only for public networks; those whose access requires a password are not affected. Google has split the speeds into four categories and indicated the possible uses of each:

  • slow: the user can use the Wi-Fi calling feature, make phone calls and send SMS.
  • correct: you can view web pages, use social media, and stream music.
  • fast: you can stream most videos.
  • very high: streaming very high quality videos is possible.

In a forum dedicated to the Pixel, a smartphone from the Mountain View company, a community manager gives the details of these categories in terms of numbers:

  • slow: 0 to 1 megabit per second.
  • correct: 1 megabit per second to 5 megabits per second.
  • fast: 5 megabits per second to 20 megabits per second.
  • very high: at least 20 megabits per second.

Good news in principle for regular users of Wi-Fi networks, who should find it easier to decide which one to pick. Note, however, that only smartphone owners already running the second developer preview can move to the final release of the OS with this feature through an over-the-air (OTA) update. This category consists, de facto, of users of Pixel and Nexus smartphones, who do not suffer from the fragmentation of the Android ecosystem. In most other cases, you will probably need an Oreo-compatible device.

Different ecosystems, different realities in principle, but not in all cases. With the addition of this feature to Google’s mobile operating system, the question quickly arises: what is happening on Apple’s side? To date, it seems that no version of iOS returns this type of information. On the other hand, the DataMeter application, available for that OS, displays the speed of a download made over Wi-Fi or the telephone network, which gives an idea.

Android – back on the Treble project

What impact on the development of alternative ROMs?

Alternative Android ROMs, a last resort for smartphone users for whom the manufacturer no longer provides support, stand to benefit from the launch of Android Oreo (the latest version of Google’s mobile operating system). According to opinions gathered on the specialized site “XDA developers”, the new operating system is well on track to breathe new life into the development of customized system images.

It must be kept in mind that Oreo is a break with its predecessors. And for good reason: the architecture of the operating system is distinctive, and its details are recorded in the documentation of the Treble project, which was also published on this platform last May.

Google has not skimped on development in this project. Oreo separates the hardware abstraction layers put in place by the chip makers from the operating system framework. “Treble-enabled smartphones have partitions dedicated to backing up hardware abstraction layers [by chipmaker],” reports XDA Developers.

The measure is intended to speed up the process of updating the operating system. Under these conditions, the original equipment manufacturer no longer has to wait for the hardware abstraction layer to be provided before working on an update of the operating system. It is also expected that chip manufacturers will be able to release hardware abstraction layer updates through the Play Store. Google ensures the quality of the “chip maker interface” through its Vendor Test Suite (VTS) certification tests which, if passed, make the device a “Treble compatible” device.

According to developments at the XDA Developers, the Treble project is already bearing fruit. One of the requirements of the VTS certification test suite is that a device is able to boot with an AOSP ROM build. So far, contributors to the site have managed to compile an AOSP ROM identical to the one that Google makes available to OEMs.

“We have an AOSP ROM that we are sure we can use to boot Treble compatible. The bulk of the work was done by the original chip and equipment manufacturers,” reports the XDA Developers site.

Pixel smartphones are de facto excellent candidates for experimenting with this ROM, which is tailor-made for them. Contributors to the site report using the ROM to boot smartphones from three different original equipment manufacturers (Huawei Mate 9, Sony Xperia Z1 and an Essential Phone).

This is a promising prospect for owners of Treble compatible smartphones. We are entitled to think that the community will ensure that the lifespan of their devices can be extended in case of abandonment by the manufacturer. There is still some work to do as reported by the contributors. They also note that the path taken by chip and original equipment manufacturers significantly reduces the ROM development work for additional devices. Contributors from all sides, on your marks, ready, go!

A flaw in Android allows an attacker to record screen activity and system audio

Lollipop, Marshmallow and Nougat involved

The Android operating system is present on billions of devices around the world and, as software, does not escape one of the rules of testing, which states that the absence of defects is a utopia. Researchers at security firm MWR InfoSecurity have exposed a new operating system vulnerability. Reported to Google in early January 2017 by the team of researchers, it allows an attacker to abuse an application to get a user’s screen activity recorded without the user’s knowledge. The briefing note also mentions the possibility of siphoning the system audio.

The vulnerability affects smartphones that run the Lollipop, Marshmallow and Nougat versions; that is, at the time of writing, more than 75% of the Android devices on the market are concerned. It lies in the MediaProjection framework, which launched with Lollipop and whose role is to allow developers to capture the screen activity of a smartphone.

According to researchers at the security firm MWR InfoSecurity, in versions prior to Lollipop, applications with such features had to either have root privileges or be signed with special keys, which suggests that they were reserved for original equipment manufacturers. From Lollipop onward, these features are accessible to third-party developers via this framework, and as a consequence applications need neither root privileges nor special signatures.

Moreover, as noted by the researchers of the security firm, it is not necessary to request permissions via the manifest file of the application. “To use the service, an application only needs to access it through an Intent. Access to the service is granted through the display of a system prompt that warns the user that the application requires permission to capture the screen activity,” write the researchers. In principle, then, the user is warned of the problematic activity, but the researchers add that it is possible to overlay a malicious message on the prompt generated by the system. One well-placed message and the user of the application is fooled.

“This vulnerability is mainly due to the fact that the affected Android versions are unable to detect that a system prompt has been partially hidden,” the researchers added.

To date, only the Oreo version of the Android operating system contains a fix for this problem. Older versions of the operating system therefore remain vulnerable. However, researchers at the security firm say that this type of attack is not completely silent. According to them, an application that accesses this service generates a notification in the notification bar. Users should pay particular attention to the presence of a screencast icon as shown above. The moral: pay attention to the applications you download. Fortunately, in this case there is something for vigilance to hold on to.