Newsletter
Google’s Project Treble initiative makes updates faster and easier to put together and push out, but the modular approach that it takes to doing that also makes Android inherently more secure. By making the core system and the device-agnostic command layer separate from the OS and the overlaying code, there are a few extra layers of protection between code running in the OS and code reaching the system level. This means that attackers have to work harder to find good exploits, and to inject code into the right places through those exploits to actually achieve malicious effects that aren’t extremely easy to get rid of.
One of the core ways to secure an OS at the base level is by obfuscation; essentially, putting as many layers as possible between the place where attackers can issue commands illicitly and where vital system operations happen. This distance between surface code and what’s called the hardware extraction layer (HAL) makes it harder for malicious code to find a way in, and to stick. The HAL is exactly what it sounds like; it’s where the hardware and software layers meet. This is where I/O interactions happen between the processor and the hardware, and where driver interaction takes place. To put it bluntly, if malicious code makes it here, it can do anything at all on the device. The System Server and Media Server are part of the core driver layer, what’s known as the “kernel attack surface”. HAL moves somewhere around 20 such processes further toward the core hardware layer in order to leave less room for attackers.
Project Treble was announced back in May, with the intention of providing a modular base for Android. Essentially, core system files would have their own layer, rather than being included with the top-level OS. This means that the OS can be modified more freely, and modifications like updates, new pack-in apps, Android version upgrades, and overlay changes all take less work to implement, and have less chance of breaking things when being put into motion. While the primary goal of Project Treble is to bring users faster updates by making the process easier for OEMs and carriers, there are a wide variety of possible knock-on effects to changing the way Android works on such a deep level, and as seen above, added security is one of them.
