Android 8.0 in-depth: Oreo's not-so-obvious security enhancements - Computerworld

Android 8.0 in-depth: Oreo's not-so-obvious security enhancements - Computerworld


Android 8.0 in-depth: Oreo's not-so-obvious security enhancements - Computerworld

Posted: 29 Aug 2017 12:00 AM PDT

When you read about a splashy new software update like Google's fresh-from-the-oven Android 8.0 Oreo release, you tend to hear mostly about the marquee features — the most attention-grabbing elements and refinements you're likely to notice when you get the update on your own device.

It's understandable, since those are the things we all see most immediately and directly. Beneath the surface, though, Oreo has some pretty significant stuff going on in the realm of security — stuff that hasn't been widely covered but is as important as anything else to understand.

Some of it's fairly technical and much of it's the sort of info you'd probably never encounter if you didn't frequent developer-targeted talks and forums. But all of it affects your phone's ability to keep you safe from theoretical threats — and all of it is worthwhile to be aware of.

Here are the high points, translated from mumbo jumbo into practical, plain-English terms.

Android 8.0 security point #1: Oreo changes some things about permissions.

Whenever you install a new app, you grant it permission to access certain types of data and perform certain types of functions on your device. (You know when you first run an app, and it shows you a bunch of info — all those prompts you hit "OK" on without paying close attention? Yeah, that's the stuff.) With Oreo, Android is rethinking a couple of those permissions and scaling back what apps are allowed to do.

Up first is a permission for generating something called a System Alert Window. It's ostensibly for displaying, y'know, system alerts — but over time, it's been adopted for a variety of other overlay-oriented purposes. Some apps use it to provide picture-in-picture-like elements that float on top of other apps, for instance, while password management utilities have traditionally used it to generate pop-up boxes for filling in forms across the operating system.

Comments

Popular Posts

Signal, WhatsApp and Telegram: All the major security differences between messaging apps - CNET

VPN browser extensions: Why you shouldn't use then - Tech Advisor

Police Target Criminal Users of Sky ECC Cryptophone Service - BankInfoSecurity.com