Android lockdown: Google urges phone makers to support Oreo's rollback protection

Google sheds light on a new Oreo security feature that prevents attackers from downgrading a device to insecure versions of Android.
Written by Liam Tung, Contributing Writer

Video: Rogue Android apps slipped past Google security, racked up 4.2 million downloads

Google is urging more manufacturers to enable a new security feature in Android Oreo that detects if a device has been downgraded to an earlier version of the OS.

Known as rollback protection, the measure adds another layer of security in the event a device is lost or stolen, and the attacker rolls it back to an older Android firmware with known vulnerabilities.

Google revealed some details about rollback protection in September, which caught the attention of Android enthusiasts who like the freedom to downgrade Android as they see fit, even though it could be a security risk.

While the security feature is part of Oreo, it's not available on every Android device that runs Oreo.

According to Google, rollback protection works in tandem with Project Treble, the major redesign of Android in Oreo that separates the Android platform from vendor code.

The modular design aims to help Android OEMs deliver new versions of Android to end-users faster.

However, Project Treble is only supported on new devices that ship with Android, rather than devices that get upgraded to Oreo. So new handsets like the Pixel 2 and Sony Xperia XZ1 are Treble-compatible, while the Nokia 8 isn't.

Image: Jason Cipriani/CNET

It's the same case for rollback protection, which is part of a new version of Verified Boot called Android Verified Boot 2.0 or AVB. Verified Boot prevents a device from booting if the software has been tampered with, for example by a rootkit. AVB is part of Oreo that runs with Project Treble.

According to Google, rollback protection is enabled in the Pixel 2 and Pixel 2 XL, and relies on the Trusted Execution Environment signing the version of Android on the device. Google is recommending OEMs support it too.

"Rollback protection is designed to prevent a device to boot if downgraded to an older OS version, which could be vulnerable to an exploit. To do this, the devices save the OS version using either special hardware or by having the Trusted Execution Environment (TEE) sign the data. Pixel 2 and Pixel 2 XL come with this protection and we recommend all device manufacturers add this feature to their new devices," Google said.

Other hardware security features include the new OEM Lock Hardware Abstraction Layer, which helps to prevent a device from being reset if it's been stolen. The other key feature is a new chip called the security module that "prevents many software and hardware attacks and is also resistant to physical penetration attacks". Both features are available in the Pixel 2.

Recent and related coverage

Android security triple-whammy: New attack combines phishing, malware, and data theft

Attacks on three fronts ensure attackers have all the information they need to steal banking details in the latest evolution of the Marcher malware, warn researchers.

Android security alert: Google's latest bulletin warns of 47 bugs, 10 critical

Google's Android security bulletin for December includes a number of flaws that vendors will need to patch.

Android Oreo: Google adds in more Linux kernel security features

Google has hardened Android's Linux-based kernel.


Editorial standards