michelangelus - Fotolia

How has Android Nougat security improved?

As Android Nougat starts hitting devices, some IT admins may be dreading the rollout. But new and improved security features make the new OS much more palatable.

A new OS release can come with complications, and IT departments must prepare to mitigate the various end-user security issues that could arise. But Android 7.0 Nougat, which Google released to Nexus devices in August 2016, leaves behind the tricks and delivers some serious treats. IT admins can bite into three major Android Nougat security improvements.

Stagefright bows out

The Stagefright exploit has been a big crack in Android's armor, affecting all devices and OSes all the way back to Android 1.0. Since security company Zimperium discovered the vulnerability last year, Google has been trying to keep it at bay with multiple patches, but has also flagged the Android media server on its monthly Android Security Bulletin.

Thanks to a complete overhaul of Android's media framework, Nougat puts an end to this dangerous exploit, making life a little more difficult for hackers -- at least for now.

Seamless updates

Nougat downloads and installs updates in the background without the user taking any action.

Chromebook users are accustomed to the upward-pointing arrow that indicates when they have downloaded an update that will be applied upon reboot. Android Nougat approaches updating in the same fashion, which is important because most users neglect updating their OSes. That notion must strike fear in the hearts of IT pros. Updates happen for a reason. They often patch security vulnerabilities or add crucial new features. When users don't bother checking for updates, their devices can't benefit from those improvements.

Nougat downloads and installs updates in the background without the user taking any action. As soon as the user reboots the device, the updated version starts automatically, without the user even knowing anything happened. The only caveat is if users don't reboot their devices for long periods -- then IT might have to contend with a fragmentation problem.

The new seamless update process only involves Android itself; users will still have to update their apps on a regular basis.

Data and app encryption boost Android Nougat security

Android Nougat also has a new boot method, which affects what happens to a device before its user enters an unlock passcode or pattern. Prior to unlocking, Android will boot into what is called Direct Boot mode to protect sensitive data by splitting it into two groups:

  • Device Encrypted Storage (DES): a storage location available both during Direct Boot mode and after the user has unlocked the device; and
  • Credential Encrypted Storage (CES): the default storage location, which is only available after the user has unlocked the device.

Most applications will fall under the CES group; in order for an app to fall under DES, the developer has to register certain components, including:

  • Apps that have scheduled notifications -- alarm clock apps;
  • Apps that provide important user notifications -- SMS apps; and
  • Apps that provide accessibility services  -- Talkback.

So unless developers have registered their apps, users will only be able to access them under CES and on unlocked devices.

Next Steps

How Nougat boosts Android device security

Four tips to up Android mobile security

Q&A: Android Nougat's best enterprise features

Dig Deeper on Enterprise mobile security