Last week, Google released the latest Android Q security release notes published to the Android Open Source Project (AOSP) security bulletin update. Per this update, there are 193 Android security vulnerabilities in the latest version of Android. These include elevation of privilege, remote code execution, information disclosure and denial of service categories. Two are in the Android runtime, two in the library and 24 in the framework. The Android media framework has 68 vulnerabilities and the Android system has 97. All have been defined with "moderate" severity.
These issues Google says are fixed in the default Android 10 patch level of 2019-09-01 on the release of the new OS. “Android Q, as released on AOSP, has a default security patch level of 2019-09-01. Android devices running Android Q and with a security patch level of 2019-09-01 or later address all issues contained in these security release notes,” reads the update. The update specifies that "Google has had no reports of active customer exploitation or abuse of these newly reported issues."
At the Google I/O in May, Google had released Android Q beta 3. With this new release, Google announced that Android Q will double down on security and privacy features, such as a Maps incognito mode, reminders for location usage and sharing (such as only when a delivery app is in use), and TLSV3 encryption for low-end devices. Security updates will also roll out faster, updating over the air without a reboot needed for the device. The last Beta update for Android Q was rolled out in August as Beta 6.
Other privacy announcements announced for Android Q so far by Google include:
- Scoped storage: There are new limits on access to files in shared external storage.
- Device Location: Android Q has a new user option to allow access to device location only while using your app in the foreground
- Background App Starts: There are new restrictions on launching activities from the background without user interaction
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at $19.99/month. Cancel anytime
- Hardware Identifiers: Restrictions on access to device hardware identifiers such as IMEI, serial number, MAC, and similar data
- Camera And Connectivity: Android 10 has restrictions on access to full camera metadata, and FINE location permission now required for many connectivity workflows.
Android has been the target of hackers for a long time. Recently, in July, Check Point researchers reported a new mobile malware attack called ‘Agent Smith’ which infected around 25 million Android devices. This malware is being used for financial gains through the use of malicious advertisements. The malware, concealed under the identity of a Google-related app, exploited known Android vulnerabilities and automatically replaced installed apps with their malicious versions, without any consent of the user.
Android Studio 3.4 releases with Android Q Beta emulator, a new resource manager and more.
Android Q Beta is now available for developers on all Google Pixel devices
Android Q will reportedly give network carriers more control over network devices
Germany
Slovakia
Canada
Brazil
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
United States
Great Britain
India
Spain
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
France
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Australia
Japan
Russia
