November 4th, 2019
We recently shared how Android 10 delivers an abundance of helpful features for enterprises. Today, we’re shining a spotlight on some of the new security and privacy features in Android 10, which give IT admins new tools and protections to help keep their device fleets prepared against the latest threats.
Getting reliable security updates is critical for enterprises, who want the latest protections for their devices. Android 10 introduced Google Play system updates, building on the work of Project Mainline, which focused on a simpler and faster method to deliver updates to the Android ecosystem. Many essential components like media codecs, time zone data, DNS resolver, and Conscrypt are now modularized, enabling them to be updated through Google Play.
Google Play system updates can be delivered more directly and uniformly across the ecosystem, as vulnerabilities can be patched from Google Play without a full operating system update.
Our security efforts are regularly evolving to better meet ecosystem needs. For example, the 2015 Stagefright vulnerability accelerated the patching of security vulnerabilities across different device makers through our monthly security updates program. This has led to substantial progress in ecosystem security. Google Play system updates create a stronger framework for quickly and comprehensively addressing future vulnerabilities. We can accelerate the delivery of a patch and make the update available through Google Play, giving greater consistency to the whole ecosystem.
Strengthening data protections
Protecting data in transit and on the device is essential to mobile security in an enterprise setting. In Android 10, we added support for TLS 1.3 and made it the default; TLS 1.2 is still supported. TLS 1.3 protects more of the handshake process and can be up to 40 percent faster than previous versions. With better encryption, it enhances the protection of device identities and removes some obsolete and less secure features.
TLS 1.3 removes support for weaker cryptographic algorithms and uses a newly designed handshake that fixes a number of weaknesses in TLS 1.2. Additionally, it no longer supports certificates that use SHA-1 hash algorithms.
Storage encryption is also critical to enterprise security. All Android 10 devices are required to encrypt user data. While most devices achieve this through the Advanced Encryption Standard (AES), Android 10 uses a new encryption mode called Adiantum, which expands encryption to a wider range of hardware, such as devices with lower-end ARM processors that do not support AES extensions.
Safeguarding app installs with Google Play
Google Play uses a number of tools to deter the installation of malicious apps on devices. Application signing validates that an app has been properly signed by the developer, which indicates it has been submitted unmodified for installation on Android devices.
Android 10 supports the latest APK signature scheme, which better secures apps against malicious activity. Together with Google Play Protect, Android 10 continues our efforts in applying best-in-class data and device protection.
These security features in Android 10 are a part of our continuing investment in the enterprise and dedication to improving security and privacy for Android users. In the following weeks, we’ll be sharing more about the many ways that Android 10 builds on our strong security foundation. Learn more about getting started with Android Enterprise and our ongoing security work.