Android Oreo, Another Boost To Android Security (Among Other Features)




Coinciding with the solar eclipse, yesterday, Google took the opportunity to launch the new version of its operating system Android 8.0, “O”, which will be known as Android Oreo.

Android Oreo does not have a significant interface change, most features are related to UX, security and energy efficiency. Some nice features include “Picture in Picture” which allow users to see two apps at once, new emojis, notification dots that allow to quickly see what is new in each notification and clear them by swiping them away.

Android Oreo

Additionally, Google keeps having security as one of its main targets, and Android O includes additional features that will boost the platform security:

  • Install unknown applications: The “Unknown sources” option of previous versions disappears. To increase the security in the operating system now, the user has to authorize which application can install other applications. This is a good approach versus the previous “all or nothing” approach. Previously, once users allowed to “install from unknown sources” for one specific case (e.g. use an alternative app market), it was allowed for every app.
  • New permissions: to add more user control on what apps can do or can not do, new permissions are added. A couple that we especially like is the Premium SMS and unlimited data access permission. We all know people who have subscribed to a premium service inadvertently or have ended up paying quite a phone bill for unsolicited data consumption.
  • WebView with Google Safe Browsing: Google’s secure browsing technology comes to the Android WebView component. Now, applications using webview technology (which is embedding web pages in applications) can benefit from the Google Safe Browsing features, such as URL blacklist, phishing identifications, etc.
  • The platform no longer supports SSLv3, which prevents malicious apps to exploit the infamous Poodle vulnerability. This vulnerability easily allowed man in the middle attacks that could end up in credential or sensitive info leaks.
  • Android Instant Apps: Apps that can be executed directly into the browser. While this was already available for earlier versions, Android O reduces the risk inherited by these apps by forcing them to require HTTPS, removing access to persistent device identifiers or sensitive OS components such as contacts.
  • Autofill: With your permission, Autofill remembers your logins to get you into your favorite apps faster, such as many browsers do. This is actually a delicate feature, it has its downside: If it is wrongly used by app developers and users there could be a security hole allowing thefts not having to input passwords. But if used correctly, it would facilitate users to have different passwords for each service and log out more frequently without too much effort.

Android Oreo


We will have to wait until we receive OTA updates on non-Google phones, but Google has announced that the source code is available on the Android Open Source Project (AOSP). In the coming days, the update will arrive for the Nexus 5X, Nexus 6P, Pixel, Pixel XL and Nexus Player.


Article written by Ana Rosa González, User Experience Manager at Barbara IoT.