Google I/O: Android N may finally nuke that recurring mediaserver security flaw

Android's mediaserver remains one of the most flaw-ridden components.
Written by Zack Whittaker, Contributor

(Image: CNET/CBS Interactive)

Google may have finally nixed a recurring bug that has plagued almost every Android version for the past year.

At its Google I/O 2016 developer conference in Mountain View, Calif. on Wednesday, company executives said that Android N will harden a crucial component that has been month over month at the top of the mobile operating system's security vulnerability list.

Google engineers have split out media subsystems into individual protected processes, like codecs and file extractors, said Burke.

The hope is that it will toughen the so-called "mediaserver" component, which has almost every month been patched and repaired as part of the company's monthly round ofAndroid security patches. It's a problem because mediaserver has access to privileged parts of the device which other apps don't have.

In other words, an attacker can run malware on a device by exploiting the mediaserver. It's been patched more than two-dozen times since August last year.

"We learned last year the importance of hardening the media framework, especially as it's accessing content anywhere over the internet," said Dave Burke, vice-president of engineering for Android.

"By improving the media framework, we've improved the security of the entire device," he said.

Burke also said that the new Android N version will come with seamless updating, akin to that of its Chrome OS desktop and notebook counterpart, allowing updates to be installed without any user interaction.

Editorial standards