How security works in Android phones

Guest writer (and friend) Mike Warner chips in with clarification on things that I (and almost everyone else) get wrong about Android security...

In Android there are three layers at which security fixes and functional updates arrive, each on its own update channel. From the highest (furthest from the hardware) to the lowest:
  • Google Play Services
  • Google Play System Update
  • … and the (usually monthly) Android Security Update, shipped in OEM firmware

Google Play Services implements the Google-provided services that apps call through the Google APIs, such as push notifications, fused location, the advertising ID, Google Pay and Maps. It is a regular app package (com.google.android.gms) updated automatically through the Google Play Store, with no firmware update involved, to fix security issues or add functionality.

Google Play Services is distributed only to Google-certified Android devices, so some Chinese phones (recent Huawei models, for example) and devices running forks of Android, such as Amazon Fire tablets, do not contain it at all.

Without Google Play Services, the OEM has to provide its own app store and its own replacement for the Google-defined services (Huawei Mobile Services is one such replacement), so that Android apps expecting that functionality still work.

Google Play System Update delivers a set of modules (the Project Mainline modules, packaged as APEX or APK files) that implement core OS components such as the media codecs, Wi-Fi, the DNS resolver, the TLS library (Conscrypt), the ART runtime, cell broadcast (emergency alert) handling and, on newer releases, Health Connect.

Before Android 10 these components were built into the system image, so they could only be updated through an OEM firmware update.

After high-profile security issues like Stagefright (2015), a set of bugs in the libstagefright media library that allowed an attacker to execute code by sending a crafted MMS message, affected the large majority of Android devices then in use and could only be fixed by every OEM shipping a firmware update, there was no way to fix the problem en masse. Google responded by moving as many of these high-risk components as it could out of the core operating system and into independently updatable modules. This push was called Project Mainline and shipped with Android 10; the monthly Android Security Bulletins also date from the Stagefright period.

Updates to these modules, whether security fixes or new functionality, are pushed by Google through the Play Store independently of the OEM, so Google-certified phones running Android 10 or later receive them irrespective of the OEM's firmware update schedule. The date shown under Settings as "Google Play system update" is the version of this layer.

The Android Security Update is the lowest (as in closest to the hardware) layer, and is distributed only as part of the OEM's firmware update. Whilst many software components have moved into the modules covered by Google Play System Update, the lowest-level components still require a firmware update from the OEM: the Linux kernel, fixes distributed by the SoC vendor (Qualcomm, MediaTek and so on), the bootloader, and other proprietary hardware-facing components such as the trusted execution environment and modem firmware. The security patch level shown in Settings (the ro.build.version.security_patch property, a date of the form YYYY-MM-DD) records which monthly Android Security Bulletin the installed firmware incorporates.
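Because the three layers update on separate schedules, "is this phone patched?" has three answers. The script below is an added example (not from the original post) that audits all three from the output of real adb/getprop/dumpsys/pm commands, flags any date-stamped layer older than a chosen threshold, and lists the Mainline (APEX) modules installed. The command strings are the ones you would run against a USB-debugging-enabled device; the SAMPLE_* outputs are constructed stand-ins in the formats those commands print (package hashes, version codes and dates are made up), so the script runs offline.

```python
"""Audit the three Android update layers from device command output.

Added example, not the original author's code. The adb commands below are
real; the SAMPLE_* strings are constructed stand-ins for their output so
this runs without a device attached.
"""
from __future__ import annotations

import re
from datetime import date

# Commands a practitioner runs on a connected, USB-debugging-enabled phone.
CMD_SECURITY_PATCH = "adb shell getprop ro.build.version.security_patch"
CMD_PLAY_SERVICES = "adb shell dumpsys package com.google.android.gms"
CMD_PLAY_SYSTEM = "adb shell dumpsys package com.google.android.modulemetadata"
CMD_APEX_MODULES = "adb shell pm list packages --apex-only"

# Constructed sample outputs (not captured from a real device).
SAMPLE_SECURITY_PATCH = "2024-01-05\n"
SAMPLE_PLAY_SERVICES = """Packages:
  Package [com.google.android.gms] (3f2a1b):
    versionCode=240812036 minSdk=31 targetSdk=34
    versionName=24.08.12 (190400-610224618)
"""
SAMPLE_PLAY_SYSTEM = """Packages:
  Package [com.google.android.modulemetadata] (9c0d44):
    versionCode=340913010 minSdk=34 targetSdk=34
    versionName=2024-03-01
"""
SAMPLE_APEX_MODULES = """package:com.google.android.conscrypt
package:com.google.android.media
package:com.google.android.resolv
package:com.google.android.wifi
package:com.google.android.art
"""

_VERSION_NAME = re.compile(r"^\s*versionName=(\S+)", re.MULTILINE)
_APEX_PACKAGE = re.compile(r"^package:(\S+)", re.MULTILINE)


def parse_version_name(dumpsys_output: str) -> str:
    """Return the first versionName= value in `dumpsys package` output."""
    m = _VERSION_NAME.search(dumpsys_output)
    if not m:
        raise ValueError("no versionName in dumpsys output")
    return m.group(1)


def parse_apex_modules(pm_output: str) -> list[str]:
    """Return Mainline module package names from `pm list packages --apex-only`."""
    return _APEX_PACKAGE.findall(pm_output)


def parse_iso_date(text: str) -> date:
    """Parse the YYYY-MM-DD form used by the security patch level and by the
    Play system update versionName; anything else raises ValueError."""
    return date.fromisoformat(text.strip())


def audit(security_patch: str, gms_dumpsys: str, modulemetadata_dumpsys: str,
          apex_list: str, today: str | None = None, max_age_days: int = 90) -> dict:
    """Summarise each layer; flag date-stamped layers older than max_age_days.

    Play Services carries a release version rather than a date, so it is
    reported but not age-checked. `today` is an ISO date string (defaults
    to the real date) so the result is reproducible.
    """
    ref = parse_iso_date(today) if today else date.today()
    patch_date = parse_iso_date(security_patch)
    play_system_date = parse_iso_date(parse_version_name(modulemetadata_dumpsys))
    report = {
        "play_services": {"version": parse_version_name(gms_dumpsys)},
        "play_system_update": {
            "version": play_system_date.isoformat(),
            "age_days": (ref - play_system_date).days,
        },
        "android_security_update": {
            "version": patch_date.isoformat(),
            "age_days": (ref - patch_date).days,
        },
        "mainline_modules": parse_apex_modules(apex_list),
    }
    report["stale"] = sorted(
        name for name, info in report.items()
        if isinstance(info, dict) and info.get("age_days", 0) > max_age_days
    )
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_SECURITY_PATCH, SAMPLE_PLAY_SERVICES, SAMPLE_PLAY_SYSTEM,
                   SAMPLE_APEX_MODULES, today="2024-05-01")
    for layer in ("play_services", "play_system_update", "android_security_update"):
        print(f"{layer:26} {result[layer]}")
    print("mainline modules:", len(result["mainline_modules"]))
    print("stale layers:", result["stale"] or "none")
```

With the constructed sample the Play system update is 61 days old and the OEM security patch level 117 days old, so only the firmware layer is reported stale: exactly the situation the post describes, where Google-pushed modules stay current while the OEM firmware lags. When auditing a real fleet, feed the script the captured command output and pick a threshold that matches your patch policy.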

Rationale

In essence, as much of Android's attack surface as possible has been moved out of the OEM-controlled firmware image and into independently updatable modules, to minimise the chance that a security issue requires every OEM to issue a firmware update for every one of their phones, which in practice never happens for the whole installed base. The kernel, SoC vendor code and other proprietary low-level components still depend on the OEM, so a phone whose Play system update is current can still be carrying an old kernel: when assessing a device, check all three layers, not just the one shown most prominently in Settings.

PS. If you wish to see a list of the updates to the Google Play Store, Play Services and Play System Updates, these are all documented in Google's monthly "Google System Release Notes".
