Why you can trust ZDNET
:ZDNET independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission.Our process
'ZDNET Recommends': What exactly does it mean?
ZDNET's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNET nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNET's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
XDA's Mishaal Rahman has uncovered what might be a silver bullet coming in Android 14. That silver bullet is called Advanced Memory Protection and it could finally stand as a protection against memory safety vulnerabilities.
Essentially, a memory safety vulnerability is a problem with the way an application handles or uses memory in a device.
What happens with these types of bugs is that an application could be capable of writing beyond the memory region it has been allotted, which can then be used by attackers to corrupt the application's intended behavior.
Think of it this way. You have a key on your keyring to your house, and it works like a charm to let you in. Your neighbor also has a key on their keyring for their house. One day you two bump into one another and, unknown to you, both of your keyrings have a flaw that allows your neighbor's key to pass from their keyring to yours.
You now have a key to both houses and can enter at any time. That keyring flaw that allowed this to happen represents the memory protection bug.
There are a few different types of memory safety bugs, but what's important to know is that Google estimated that 90% of Android vulnerabilities are of this kind.
If what Rahman discovered is true, then those types of errors could be a thing of the past with the next release of Android. And if Google was correct in its estimation, that could do away with 90% of Android's vulnerabilities.
There is, of course, a big ol' catch to this. The new Advanced Memory Protection feature comes by way of the Memory Tagging Extension in ARMv9 CPU cores. It's the V9 that should deflate the joy from owners of any Pixel 7 phone or earlier Pixel phone. You see, the Pixel 7 phones use the V8.2 Tensor chip, which doesn't include the Memory Tagging Extension.
What does that mean? In order to gain the added security feature, you'll have to upgrade to the Pixel 8 when it arrives near the third quarter of 2023. Unfortunately, it also means Android devices that are not in the Pixel line (and don't have the ARMv9 CPU cores) will also not enjoy this feature. The good news is that Armv9 architecture started previewing in flagship phones of 2022.
To find out if your device contains ARMv9 CPU cores, you'll have to first find out what chipset your device has. For example, the Samsung Galaxy S23 Ultra uses a Snapdragon 8 Gen 2 CPU, which is based on the ARMv9 architecture. Other devices that use this same chip include the OnePlus 11 series, the Motorola X40 series, the Oppo Find X series, and the Samsung Galaxy S23 series.
The sad truth about this is that most low-end and mid-range Android phones (which happen to be the most widely used on the planet) do not include CPUs based on the ARMv9 technology. That means the majority of Android phones on the planet are, and will continue to be, vulnerable to memory protection errors. This is not a problem Google can easily solve with a software patch because it doesn't create all of the apps that are installed on phones around the globe.
Of course, as time marches on, CPUs based on the ARMv9 technology will become cheap enough for any phone to include, but that time is not yet. What can you do in the meantime? Here's my best advice:
Always apply updates to your operating system as soon as they are available.
Install only the apps you need and only install them from the Google Play Store.
Check daily for app updates and apply them immediately.
You should also be aware that Pixel phones (starting with the 6) use Google's own Tensor chip instead of Snapdragon CPUs. There's no guarantee the Tensor 3 chip (which will ship with the Pixel 8 line) will make use of the ARMv9 CPU cores. And given that the Pixel 8 is the only Google phone that will sport the T3 chip, even the much-anticipated Pixel Fold will miss out on this protection. For me, protecting my device against these types of vulnerabilities is a must, so I'm going to wait for the official specs of the Pixel 8 before deciding whether to upgrade.
Keep in mind that much of this is speculation. To recap: What Rahman discovered is a feature in Android 14, called Advanced Memory Protection, which can be enabled on the device.
The first question that comes to mind is whether non-Pixel devices that have ARMv9 CPU cores include this feature. The second is whether any current Pixel phones include the feature. Probably not. The third question that comes to mind is whether Samsung Knox (the security technology that ships with Samsung devices) protects against these vulnerabilities using Android 14's feature or its own.
Sadly, these questions cannot be answered until Android 14 gets closer to release. The good news is that help is coming for the most common security vulnerability to plague the operating system. And if Google retains the feature in the Pixel 8, you can be sure I will upgrade from my Pixel 7 the day the 8s are released.