A new OS release can come with complications, and IT departments must prepare to mitigate the various end-user security issues that could arise. But Android 7.0 Nougat, which Google released to Nexus devices in August 2016, leaves behind the tricks and delivers some serious treats. IT admins can bite into three major Android Nougat security improvements.
Stagefright bows out
The Stagefright exploit has been a big crack in Android's armor, affecting all devices and OSes all the way back to Android 1.0. Since security company Zimperium discovered the vulnerability last year, Google has been trying to keep it at bay with multiple patches, but has also flagged the Android media server on its monthly Android Security Bulletin.
Thanks to a complete overhaul of Android's media framework, Nougat puts an end to this dangerous exploit, making life a little more difficult for hackers -- at least for now.
Chromebook users are accustomed to the upward-pointing arrow that indicates when they have downloaded an update that will be applied upon reboot. Android Nougat approaches updating in the same fashion, which is important because most users neglect updating their OSes. That notion must strike fear in the hearts of IT pros. Updates happen for a reason. They often patch security vulnerabilities or add crucial new features. When users don't bother checking for updates, their devices can't benefit from those improvements.
Nougat downloads and installs updates in the background without the user taking any action. As soon as the user reboots the device, the updated version starts automatically, without the user even knowing anything happened. The only caveat is if users don't reboot their devices for long periods -- then IT might have to contend with a fragmentation problem.
The new seamless update process only involves Android itself; users will still have to update their apps on a regular basis.
Data and app encryption boost Android Nougat security
Android Nougat also has a new boot method, which affects what happens to a device before its user enters an unlock passcode or pattern. Prior to unlocking, Android will boot into what is called Direct Boot mode to protect sensitive data by splitting it into two groups:
- Device Encrypted Storage (DES): a storage location available both during Direct Boot mode and after the user has unlocked the device; and
- Credential Encrypted Storage (CES): the default storage location, which is only available after the user has unlocked the device.
Most applications will fall under the CES group; in order for an app to fall under DES, the developer has to register certain components. Apps that typically need to do so include:
- Apps that have scheduled notifications -- alarm clock apps;
- Apps that provide important user notifications -- SMS apps; and
- Apps that provide accessibility services -- Talkback.
So unless developers have registered their apps, users will only be able to access them under CES and on unlocked devices.
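What registering a component for Direct Boot looks like in practice, as an added example that is not from the article or from any particular app: a boot receiver that reads only a non-sensitive alarm time from device encrypted storage and leaves credential encrypted storage alone until the user has unlocked. The package, class, action and preference key names are hypothetical, and the app is assumed to hold the RECEIVE_BOOT_COMPLETED permission.

```java
// Added example, not from the article; class, action and key names are hypothetical.
// Manifest entry that registers this component for Direct Boot:
//   <receiver android:name=".AlarmBootReceiver" android:directBootAware="true">
//     <intent-filter>
//       <action android:name="android.intent.action.LOCKED_BOOT_COMPLETED" />
//       <action android:name="android.intent.action.BOOT_COMPLETED" />
//     </intent-filter>
//   </receiver>
package com.example.alarm;
import android.app.AlarmManager;
import android.app.PendingIntent;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.os.UserManager;
import android.util.Log;
public class AlarmBootReceiver extends BroadcastReceiver {
    static final String ACTION_FIRE = "com.example.alarm.FIRE"; // hypothetical
    static final String PREFS = "alarm_schedule";               // hypothetical
    static final String KEY_NEXT = "next_alarm_utc_ms";         // hypothetical

    @Override
    public void onReceive(Context context, Intent intent) {
        // Device encrypted storage: readable in Direct Boot mode and after unlock.
        Context deviceCtx = context.createDeviceProtectedStorageContext();
        boolean unlocked = context.getSystemService(UserManager.class).isUserUnlocked();
        if (Intent.ACTION_LOCKED_BOOT_COMPLETED.equals(intent.getAction())) {
            // Before first unlock: only the alarm time is kept here, nothing sensitive.
            long next = deviceCtx.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
                                 .getLong(KEY_NEXT, -1L);
            if (next > System.currentTimeMillis()) {
                PendingIntent fire = PendingIntent.getBroadcast(deviceCtx, 0,
                        new Intent(deviceCtx, AlarmBootReceiver.class).setAction(ACTION_FIRE),
                        PendingIntent.FLAG_UPDATE_CURRENT | PendingIntent.FLAG_IMMUTABLE);
                deviceCtx.getSystemService(AlarmManager.class)
                         .set(AlarmManager.RTC_WAKEUP, next, fire);
            }
        } else if (unlocked) {
            // BOOT_COMPLETED (sent after unlock) or an alarm firing on an unlocked
            // device: credential encrypted storage is now available.
            String label = context.getSharedPreferences(PREFS, Context.MODE_PRIVATE)
                                  .getString("private_label", "Alarm");
            Log.i("AlarmBoot", "unlocked, label loaded (" + label.length() + " chars)");
        } else {
            // Alarm fired before first unlock: generic alert only, no access to CES.
            Log.i("AlarmBoot", "locked: generic alert only");
        }
    }
}
```

The `isUserUnlocked()` guard matters because reading the default, credential encrypted preferences before the first unlock throws an exception rather than returning data.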