Android HAL – Recent Developments and Security Enhancements
This blog talks about the recent Android HAL Development and the best practices to keep in mind while building a secure Android HAL and other Development applications.
Overtime, we have been witnessing the evolution of Android HAL and the Android HAL framework, with new features, increased security levels and a more user-centric design. The Android HAL defines a standard interface for hardware vendors to implement, which ensures that the Android framework is platform agnostic w.r.t lower-level driver implementations. The Android HAL allows users to implement functionality without impacting or modifying the higher level system. From the time when HTC introduced the first Android phone in 2008, the operating system has evolved enormously making it the most sought-after operating system for smartphone, tablet and other smart devices. In May 2019, the number of active Android devices crossed 2.5 Billion and that speaks volume about the popularity and acceptance the Linux based open-source platform has received over a decade. Today, Android holds about 85% of the global mobile operating system market. The latest version of the Android OS, 9.0 Pie is AI enabled for better efficiency and better user experience. It is designed to enhance user experience, making it more intuitive and user-friendly. A few of the worth citing new features are adaptive battery and adaptive brightness. The latest Android HAL also enables you to switch between apps using gestures.
Security, an Uncompromising Effort!
Ever since the launch of Android, Google has been striving to improve the security of the OS on all fronts. Measurable progress has been visible in every new version of Android over the years. Google introduced Android HAL with Verified Boot 2.0 way back with KitKat (4.4), which prevents the device from booting, if the software gets tampered by a malware. In Oreo, the Android HAL has been further enhanced by adding Rollback protection that prevents the device from booting in case a hacker downgrades the OS to overcome Android Verified Boot 2.0 feature and attempts an unauthorized access to the device.
Android 9.0 is further enabled the Android HAL with additional security and privacy features like encryption of Android backups, Bio-metric Authentication, Android Protected Confirmation, StrongBox and Privacy enhancements that restrict idle applications from accessing the device’s microphone, camera, or other sensors.
Project Treble and Android HAL Development
Prior to Treble, the Android framework and vendor chip specific Android HAL /firmware were packaged into single Android system image. SoC vendors had to take the release made by Google and apply their vendor specific changes and release it to Device makers. Device makers had to move the device specific changes on to the Android code base released by the SoC vendor. This caused a delay in the Android HAL Development updates and Android releases in reaching the end users. With Project Treble, Android Oreo and higher versions bring updates faster to users. Project Treble is a re-engineered update framework that adds a new layer for vendor specific Android HAL /firmware, instead of Android framework and vendor specific codes merged into a single package. This layer of Treble sits between core Android OS and device manufacturer specific customization. As the two code bases – Android and vendor – are maintained separate, the new framework expedites and streamlines the process of Android upgrade. The vendor interface in the new architecture provides access to hardware-specific parts of Android, which aids device manufacturers to deliver Android HAL Development upgrades by updating the Android OS framework, without altering the Android base codes. End user will not see any difference in the way Android updates, however he would get the upgrades faster than before.
- Security-Enhanced Linux [SELinux]
SELinux is a labelling system that controls the permissions such as read, write, etc., subject context has over a target object like directory or device or file or process or socket. The SELinux policy build flow for Android 4.4 and higher versions, merging both platform and non-platform sepolicy to generate monolithic files in the root directory. So, any change the vendor or a device maker had to make to their policies finally must go all the way to the Android HAL image.
From Android 8.0 and higher, the policies have been modularized, i.e. vendors can modify policy related to their changes on to their non-platform specific partitions alone.
For example: If you need to access any file in vendor partition or some sysfs or device node, you must write non-platform specific SE policies. These policies are written specific to the module that wants to access the secure files and is not available to unknown apps. That said, a system app cannot access these Android HAL files even with the help of SE policies, here Treble could come to aid. Develop a Treble layer in non-platform specific code and write policies specific to the Treble layer introduced.
- Android Verified Boot (AVB)
Android Verified Boot ensures all executable code is coming from a trusted source, usually device manufacturers, and not a security attack or corruption. It assures that all the platform and non-platform specific partition binaries are from the device manufacturer. During boot up, the integrity and authenticity of the next stage is verified at every stage, prior to handing over for execution. If at any stage device integrity is compromised the Device will not boot further.
Android 4.4 added Verified Boot and dm-verity in Kernel, this feature is called Verified Boot 1.0.
Android 8.0 and higher comprises of Android Verified Boot (AVB), an implementation of the Android Verified Boot that works with Project Treble. In addition, the AVB has standardized partition footer format and added rollback protection features.
- Security Bulletin Updates
Google releases monthly security bulletin updates and makes them public. Device makers use the public bulletin and apply the Android, Linux or SoC related component security fixes and release them to the End Users. Android Oreo onwards, project Treble makes it easier to release these security updates as the platform and non-platform partitions have been separated.
- File-based Encryption
Android has introduced File-based Encryption in Android 7.0 and higher versions. This feature in Android HAL enables different files to be encrypted with different keys, which can be encrypted independently. From Android 9.0 and above the File Based Encryption has been updated to support external storage media. Google also added metadata encryption support which will encrypt whatever content is not encrypted by file-based encryption.
- Hardware security module
Trusted execution environment available on SoC gives opportunity to use the Hardware Backed strong security services to Android and other platform services.
Prior to Android Ver. 6.0, Android had a simple, hardware-backed crypto services API available through the versions 0.2 and 0.3 of the Keymaster Hardware Abstraction Layer (Android HAL Development). It provided digital signing and verification operations, plus generation and import of asymmetric signing key pairs. With Android 6.0 and 7.0 the keymaster Android HAL evolved and provided more security features such as AES and HMAC (Hash-based message authentication), access control system for hardware-backed keys, key attestation and version binding etc. Android 8.0, Oreo supports Keymaster 3.0 with ID attestation. ID attestation provides a limited and optional mechanism for strongly attesting to hardware identifiers, such as device serial number, product name, and phone ID (IMEI / MEID).
Android Pie and higher versions has a feature called Strong Box which enables end users to use the keys stored in the Trust zone. The Strong Box is a Keymaster Android HAL 4.0 which resides in a hardware module. The Strongbox has its own CPU, storage, random number generator and additional mechanisms to resist package tampering and unauthorized sideloading of apps.
Android 9.0 HAL and Framework – A closer look
Let’s take a quick dive into the new Privacy & Security features of Android 9.0.
- Restricts background apps from accessing microphone and camera
- Notification in case background apps use microphone or camera
- Restricted access to call logs
- Restricted access to phone numbers
- Call Recording Alert
- Android Backups to be encrypted
- Sensors using continuous reporting mode, for ex: accelerometers and gyroscopes, don’t receive events
- Sensors using on-change or one-shot reporting modes don’t receive events
- Access to Wi-Fi location and connection information is restricted
Security/privacy best practices
Here are a few security/privacy best practices by Android, that you can keep in mind while building a secure Android HAL and Android app.
Store data safely: Minimize usage sensitive APIs and verify data from any external storage
Enforce secure communication: Ensure that the apps being developed use HTTPS/SSL to protect data on the network
Update security provider: Automatically update a device’s security provider to protect against an external attack
Pay attention to permissions: Only use necessary permissions, and pay attention to permissions the libraries may use
Google is on a constant strive to make every new release of Android excel over the previous versions. Android 9.0 has been a huge upgrade over its predecessor Oreo. Google has already announced the beta version of Q. There is a lot of buzz around the upcoming version and its advanced features.
Companies offering Android HAL Development and Android HAL Design Services must adapt to the latest changes to help product developers bring our devices and gadgets that meet Google Standards. Mistral, an embedded engineering company, helps our customers to build Android based products and applications that are in harmony with new security and privacy features. We offer enhanced Android experience with improved connectivity APIs, high-performance codecs, and much more. With over a decade of experience developing Android products, Mistral offers comprehensive Android Software Development services including Base porting, Android HAL Design Services, Android HAL development, BSP development, Application Development, Performance optimization, testing validation, etc.
Our Embedded Android Development Services team has in-depth knowledge on Linux Kernel, Android Runtime, JNI, Android SDK, Android HAL, framework APIs, development tools, testing process and techniques to avoid pitfalls. While Google ensures better privacy and security for users; for developers, it endeavors to table a better platform to develop secure and stronger devices.
By Keerthi, Project Leader – Software Design