Google has a new breakthrough to show why Android is better than iOS devices

Google has begun work on making Android more secure at the firmware level, targeting processors on systems-on-a-chip (SoCs) that handle dedicated tasks such as mobile phone functionality, media playback and encoding, and Wi-Fi connectivity.

Per BleepingComputer, the tech giant is starting to take notice of the fact that, “over the last decade”, firmware vulnerabilities on secondary processors have become high-priority targets for security researchers and academic papers in the field of computer science.

Wi-Fi and cellular module exploits are of particular concern, given that they allow for remote code execution (RCE).

Android firmware security

Google is planning to explore a variety of protection mechanisms with its “Android ecosystem” partners. These include compiler-based sanitizers, like BoundSan and IntSan, which catch memory-based flaws and crashes that often occur during code compilation.

There are also exploit mitigations, like Control Flow Integrity (CFI), Kernel Control Flow Integrity (kCFI), ShadowCallStack, as well as Stack Canaries, which work towards protecting values from buffer overflow attacks at the compilation stage.

In addition to null pointer dereferences and use-after-free attacks, buffer overflows will also be guarded against by a raft of memory safety features. To this end, Google have mulled over a Zero Initialized Memory principle, citing uninitialized memory in C and C++ environments as a common cause of reliability issues.
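
To make those bug classes concrete, here is an added example (not code from Google, BleepingComputer or TechRadar) of a small firmware-style parser that writes out by hand the integer-overflow checks, bounds checks and zero-initialization that the mitigations above aim to enforce. The record format, `parse_name`, `struct name_info` and the sample inputs are hypothetical and constructed for illustration; `__builtin_add_overflow` is a GCC/Clang builtin.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record format, constructed for this example:
 * [type:1][len:1][value:len], repeated. Type 0 carries a network name. */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2, PARSE_NOT_FOUND = -3 };
#define NAME_MAX_LEN 32

struct name_info {
    uint8_t name[NAME_MAX_LEN];
    size_t  name_len;
};

/* Constructed sample inputs: well-formed, oversized value, lying length. */
const uint8_t SAMPLE_GOOD[]       = {1, 2, 0xAA, 0xBB, 0, 4, 'h', 'o', 'm', 'e'};
const uint8_t SAMPLE_OVERLONG[35] = {0, 33};
const uint8_t SAMPLE_TRUNCATED[]  = {0, 8, 'a', 'b'};

int parse_name(const uint8_t *buf, size_t buf_len, struct name_info *out)
{
    size_t off = 0;
    memset(out, 0, sizeof *out);   /* zero-initialize: no stale bytes reach the caller */

    while (off < buf_len) {
        size_t hdr_end, val_end;
        /* Integer-overflow check: offset arithmetic must not wrap. */
        if (__builtin_add_overflow(off, (size_t)2, &hdr_end) || hdr_end > buf_len)
            return PARSE_TRUNCATED;
        uint8_t type = buf[off];
        size_t  len  = buf[off + 1];
        /* Bounds check on the read: the declared length must fit the input. */
        if (__builtin_add_overflow(hdr_end, len, &val_end) || val_end > buf_len)
            return PARSE_TRUNCATED;
        if (type == 0) {
            /* Bounds check on the write: the value must fit the fixed array. */
            if (len > NAME_MAX_LEN)
                return PARSE_TOO_LONG;
            memcpy(out->name, buf + hdr_end, len);
            out->name_len = len;
            return PARSE_OK;
        }
        off = val_end;
    }
    return PARSE_NOT_FOUND;
}
```

Without the two length checks, the same input bytes would drive a read past the end of `buf` or a write past the end of `name`, which is the buffer overflow pattern the article describes.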

As BleepingComputer have noted, tackling problems across different parts of a processor could have an adverse effect on system performance, but Google believes that, with optimization, it can mitigate the impacts of its efforts.

Luke Hughes
Graduate Writer

 

Luke Hughes holds the role of Graduate Writer at TechRadar Pro, producing news, features and deals content across topics ranging from computing to cloud services, cybersecurity, data privacy and business software.