Just as the moon eclipsed the sun today, Google revealed Android 8.0 "O" will henceforth be known as Oreo, the black on white cookie.
Android Oreo comes nine years after Google released Android 1.0 on T-Mobile’s G1, a smartphone with a physical keyboard, which shipped with a Gmail app, an Android app store called Android Market, and Android widgets.
Oreo comes with Google Play Protect, a new malware scanner, but perhaps more important security-wise is Project Treble, a new modular design that promises to cut the delays handset makers face in delivering new versions of Android.
Android OEMs could still take several months to deliver Oreo to end-users, but from now on they should be able to guarantee faster updates.
While Android 7.0 Nougat hardened the OS against mediaserver bugs known as Stagefright, Project Treble tackles Android’s version fragmentation challenges stemming from OEM customizations that depend on updates from silicon providers, such as Qualcomm and MediaTek. Oreo also hardens a deeper stratum of the OS that attackers could exploit to run malware.
Google published the full documentation for Project Treble today alongside the release of Oreo.
Project Treble features an architecture that separates hardware drivers from the underlying Android OS framework. As of Oreo, OEMs have a “vendor interface” that provides access to the hardware drivers, allowing them to deliver new versions of Android by updating the Android OS framework without waiting for updates from silicon providers.
Google recently outlined how Project Treble hardened Android by isolating HALs or Hardware Abstraction Layers, which support various sensors such as the fingerprint reader and GPS. HALs provide an interface between Android code for all device makers and each OEM’s custom implementation of Android. Instead of running multiple HALs in a single process, Treble runs each HAL in its own sandbox, ensuring HALs only have the necessary permissions for the task at hand.
In the context of mediaserver, Treble advances Google’s hardening efforts introduced in Android Nougat. Prior to Nougat most media tasks were handled by the mediaserver process, which was itself sandboxed, but each HAL had access to other HALs. Nougat separated and restricted these mediaserver components, but an attacker could still gain permissions to access the camera HAL if they compromised the microphone HAL. In Oreo, permissions are restricted to the resources each HAL needs.
Treble will likely help Google improve updates in the future as new hardware is released, but it won’t resolve update lags for older devices. As Google notes, “Treble is for all new devices launching with Android 8.0 and beyond”, with the exception of its own Pixel phones, which support the new architecture.
To ensure that new Android devices released after Oreo support Treble, Google has created the Vendor Test Suite, which allows vendors to test whether they conform with the new Vendor Interface.