One Article Review

The article:
Source GoogleSec
Identifier 4593780
Publication date 2022-05-11 15:49:52 (seen: 2022-05-13 21:47:30)
Title I/O 2022: Android 13 security and privacy (and more!)
Text Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy Team

Every year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we're making the latest release safer, and more private, while continuing to offer a seamless experience. So let's dig into the tools we're building to better secure your data, enhance your privacy and increase trust in the apps and experiences on your devices.

Low latency, frictionless security

Regardless of whether a smartphone is used for consumer or enterprise purposes, attestation is a key underpinning to ensure the integrity of the device and apps running on the device. Fundamentally, key attestation lets a developer bind a secret or designate data to a device. This is a strong assertion: "same user, same device" as long as the key is available, a cryptographic assertion of integrity can be made. With Android 13 we have migrated to a new model for the provisioning of attestation keys to Android devices which is known as Remote Key Provisioning (RKP). This new approach will strengthen device security by eliminating factory provisioning errors and providing key vulnerability recovery by moving to an architecture where Google takes more responsibility in the certificate management lifecycle for these attestation keys. You can learn more about RKP here.

We're also making even more modules updatable directly through Google Play System Updates so we can automatically upgrade more system components and fix bugs, seamlessly, without you having to worry about it. We now have more than 30 components in Android that can be automatically updated through Google Play, including new modules in Android 13 for Bluetooth and ultra-wideband (UWB).

Last year we talked about how the majority of vulnerabilities in major operating systems are caused by undefined behavior in programming languages like C/C++. Rust is an alternative language that provides the efficiency and flexibility required in advanced systems programming (OS, networking) but Rust comes with the added boost of memory safety. We are happy to report that Rust is being adopted in security critical parts of Android, such as our key management components and networking stacks.

Hardening the platform doesn't just stop with continual improvements with memory safety and expansion of anti-exploitation techniques. It also includes hardening our API surfaces to provide a more secure experience to our end users. In Android 13 we implemented numerous enhancements to help mitigate potential vulnerabilities that app developers may inadvertently introduce. This includes making runtime receivers safer by allowing developers to specify whether a particular broadcast receiver in their app s
Sent Yes
Tags Spam Vulnerability


The article does not appear to have been picked up again after its publication.


The article does not appear to be a repost of an earlier one.