Internet Security Blog - Hackology

Android 8.0 Oreo is here with the Eclipse

Google has launched Android 8.0 code-named Oreo as everyone was busy watching the Eclipse.

Whats new in Android Oreo (8.0)

The latest version of Android that’s smarter, faster, and more powerful. Android Oreo gives you many new ways to extend your app and develop more efficiently.

2x faster : Get started on your favorite tasks more quickly with 2x the boot speed when powering up
Background limits : Android Oreo helps minimize background activity in the apps you use least, it’s the super power you can’t even see.
Android Instant Apps : Teleport directly into new apps right from your browser, no installation needed.
Emoji : Share the feels with a fully redesigned emoji set, including over 60 new emoji.

Picture-in-Picture mode

We had this feature in our laptops , but now we can have the same built in support that even if we exit an app and go about doing something else , our camera will be showing our video and will also play the other side.Android 8.0 (API level 26) allows activities to launch in picture-in-picture (PIP) mode. PIP is a special type of multi-window mode mostly used for video playback. PIP mode is already available for Android TV; Android 8.0 makes the feature available on other Android devices.

pip.gif (500×990)

Notifications

Android 8.0 they have redesigned notifications to provide an easier and more consistent way to manage notification behavior and settings. These changes include:

A notification long-press menu in Android 8.0 (API level 26).
  • Notification channels: Android 8.0 introduces notification channels that allows a user-customizable channel for each type of notification.
  • Notification dots: Android 8.0 introduces support for displaying dots, or badges, on app launcher icons. Notification dots reflect the presence of notifications that the user has not yet dismissed or acted on.
  • Snoozing: Users can snooze notifications, which causes them to disappear for a period of time before reappearing. Notifications reappear with the same level of importance they first appeared with. Apps can remove or update a snoozed notification, but updating a snoozed notification does not cause it to reappear.
  • Notification timeouts: You will have an option to set a timeout (dependent on the App support) after that time the notification will vanish

Autofill Framework

Account creation, login, and credit card transactions take time and are prone to errors. Users can easily get frustrated with apps that require these types of repetitive tasks. Android 8.0 makes filling out forms, such as login and credit card forms, easier with the introduction of the Autofill Framework. Existing and new apps work with Autofill Framework after the user opts in to autofill. Might be a security hazard , but this option will be protected with pin / finger sensor verification by default.

Downloadable Fonts

Stock support for downloadable Fonts built in , will allow App developers to make less heavy apps so they will take up less system resource

Connectivity

Wi-Fi Aware

Android 8.0 adds support for Wi-Fi Aware, which is based on the Neighbor Awareness Networking (NAN) specification. On devices with the appropriate Wi-Fi Aware hardware, apps and nearby devices can discover and communicate over Wi-Fi without an Internet access point.

Bluetooth

Android 8.0 enriches the platform’s Bluetooth support by adding the following features:

  • Support for the AVRCP 1.4 standard, which enables song-library browsing.
  • Support for the Bluetooth Low-Energy (BLE) 5.0 standard.
  • Integration of the Sony LDAC codec into the Bluetooth stack.

Companion device pairing

Android 8.0 provides APIs that allow you to customize the pairing request dialog when trying to pair with companion devices over Bluetooth, BLE, and Wi-Fi. For more information, I can see that this will be used very effectively in social engineering hacks in future.

My take on how Hackers will Hack Android Oreo Users

Android 8.0 (API level 26) introduces several new permissions related to telephony:

  • The ANSWER_PHONE_CALLS permission allows apps running on Android Oreo to answer incoming phone calls programmatically. To handle an incoming phone call within an app, by making use of acceptRingingCall() method.
  • The above permission means that programs will be able to make a call to the phone , silently activate the call and turn the phone into a live bug. Not that it wasn’t there before (Jsocket,AndroRat,AlienSpy 😉 ) but this will be an added feature for Hackers to play with.
  • The above permission belongs to Phone Permission Group, which means if a user allows the app any of the Phone permission group all other permissions will be granted without any prompt, read_phone_state will be used as a leverage to exploit answer_phone_calls

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get Wise

Subscribe to my newsletter to get latest InfoSec / Hacking News (1 Email/week)
Utopia p2p Ecosystem