In this issue: improvements to the biometric authentication system in Android 11, ransomware that locks the device without any special permissions, myths about Android performance, adapting an application to modern privacy requirements, a fast multi-platform NoSQL database, a benchmark of image loading libraries, and running Java code on a device without building an APK. Plus: a selection of pentester tools and libraries for developers.
Lock screen security in Android 11
Lockscreen and authentication improvements in Android 11 – an article from the Android security team about changes in how fingerprint and face authentication work.
Prior to Android 11, the Android authentication system worked according to the following rules:
- A password or PIN code is considered the most reliable authentication method and therefore gives full control over the device without any restrictions.
- Fingerprint or face recognition is considered less reliable: the system asks for the password after every restart of the phone and at least once every 72 hours.
- Smart Lock is the least secure method, so it has the same restrictions as biometrics, plus it cannot unlock authentication-bound Keymaster keys (for example, those used for payments), and the password is requested not after 72 hours but after four.
Android 11 introduced the concept of biometric strength: a class assigned to each biometric authentication method. The system now takes into account how reliable the fingerprint sensor or face scanner installed in the device is and adjusts its behavior accordingly. For example, the weakest class cannot be used to authenticate in third-party applications or to unlock keys in the KeyStore, and for such a method the timeout before the next password request is reduced from 72 to 24 hours.
There are three reliability classes for biometric authentication sensors (methods):
- class 3 – strong: password request after 72 hours, unlocks KeyStore keys, can be used in third-party applications (BiometricPrompt);
- class 2 – weak: password request after 24 hours, does not unlock KeyStore keys, can be used in third-party applications, but only without a CryptoObject;
- class 1 – convenience: password request after 24 hours, does not unlock KeyStore keys, cannot be used in third-party applications at all.
The class is determined from the acceptance rates (how often a spoof or another person's biometric is accepted), how securely the biometric data is captured and processed, and some other parameters.
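How an application chooses the class it needs, as an added example (not code from the Android article): a payment key bound to class 3 biometrics only, alongside a low-risk prompt that accepts a class 2 sensor. Targets API 30; the key alias, prompt titles and action names are assumed, everything else is the public framework API.

```java
import android.content.Context;
import android.hardware.biometrics.BiometricManager;
import android.hardware.biometrics.BiometricManager.Authenticators;
import android.hardware.biometrics.BiometricPrompt;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;

import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Added example (API 30+): ask for the biometric class the action actually needs. */
public final class BiometricClassDemo {
    private static final String KEY_ALIAS = "payment_token_key"; // assumed alias

    /** Creates an AES-GCM key that only a class 3 (strong) biometric can unlock, per use. */
    static SecretKey generatePaymentKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                .setUserAuthenticationRequired(true)
                // timeout 0 = a fresh authentication for every use of the key;
                // AUTH_BIOMETRIC_STRONG = a class 2 or class 1 sensor can never unlock it.
                .setUserAuthenticationParameters(0, KeyProperties.AUTH_BIOMETRIC_STRONG)
                .build());
        return kg.generateKey();
    }

    /** Loads the key and prepares a cipher; keystore keeps it locked until the prompt succeeds. */
    static Cipher preparePaymentCipher() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        SecretKey key = (SecretKey) ks.getKey(KEY_ALIAS, null);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key); // operation is bound to the pending authentication
        return cipher;
    }

    /** True only when the device has an enrolled class 3 sensor. */
    static boolean hasStrongBiometric(Context ctx) {
        BiometricManager bm = ctx.getSystemService(BiometricManager.class);
        return bm.canAuthenticate(Authenticators.BIOMETRIC_STRONG)
                == BiometricManager.BIOMETRIC_SUCCESS;
    }

    /** Payment: class 3 biometric or PIN/password, with the cipher bound to the result. */
    static void authenticateForPayment(Context ctx, Cipher cipher, Runnable onApproved) {
        BiometricPrompt prompt = new BiometricPrompt.Builder(ctx)
                .setTitle("Confirm payment")
                // No setNegativeButton(): it is not allowed when DEVICE_CREDENTIAL is offered.
                .setAllowedAuthenticators(
                        Authenticators.BIOMETRIC_STRONG | Authenticators.DEVICE_CREDENTIAL)
                .build();
        // Passing a CryptoObject while BIOMETRIC_WEAK is allowed throws IllegalArgumentException:
        // the framework refuses to bind keystore keys to a class 2 sensor.
        prompt.authenticate(new BiometricPrompt.CryptoObject(cipher), new CancellationSignal(),
                ctx.getMainExecutor(), new BiometricPrompt.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(
                            BiometricPrompt.AuthenticationResult result) {
                        // result.getCryptoObject().getCipher() is the same cipher, now
                        // authorized by keystore for exactly one operation.
                        onApproved.run();
                    }
                });
    }

    /** Low-risk action (e.g. reveal a hidden balance): class 2 is fine, but no CryptoObject. */
    static void authenticateForConvenience(Context ctx, Runnable onApproved) {
        BiometricPrompt prompt = new BiometricPrompt.Builder(ctx)
                .setTitle("Show balance")
                .setAllowedAuthenticators(
                        Authenticators.BIOMETRIC_WEAK | Authenticators.DEVICE_CREDENTIAL)
                .build();
        prompt.authenticate(new CancellationSignal(), ctx.getMainExecutor(),
                new BiometricPrompt.AuthenticationCallback() {
                    @Override
                    public void onAuthenticationSucceeded(
                            BiometricPrompt.AuthenticationResult result) {
                        onApproved.run();
                    }
                });
    }
}
```

The point of the split is that the key itself carries the policy: even if an app mistakenly showed the weak prompt, keystore would still refuse to use a key generated with AUTH_BIOMETRIC_STRONG, so the decision does not depend on UI code getting the authenticator flags right.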
Ransomware of a new type
Sophisticated new Android malware marks the latest evolution of mobile ransomware – an article by Microsoft researchers about a new variant of ransomware found in the wild.
The malware is called AndroidOS/MalLocker.B, and the family as such is already known and well studied. What caught the researchers' interest was a new version of this ransomware: it has learned to lock the device behind a ransom message without using screen overlays (SYSTEM_ALERT_WINDOW), a capability Google has severely restricted in recent versions of Android.
Instead of an overlay, the malware uses a so-called full-screen intent notification, the mechanism legitimate software uses to show an incoming-call screen. Besides the text (and other standard attributes), such a notification carries a PendingIntent for an activity (application screen), which the system displays as soon as the notification is posted.
However, showing the ransom message once would be useless: the user could press Home or Back and simply close it. So the malware uses one more trick: it restarts the activity from onUserLeaveHint(), the callback the system invokes when the user is about to navigate away from the activity, before it disappears from the screen. Restarting the activity from this method means the user simply cannot leave the ransom screen.
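A triage check for the two indicators described above, as an added example (not from the Microsoft report and not the malware's code): it runs regular expressions over decompiled text and flags the combination of a full-screen intent notification and an onUserLeaveHint() body that relaunches an activity. The manifest and source fragments are constructed for the demo, in the shape a decompiler such as jadx would produce, and the indicator names are assumptions.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example: static triage of decompiled output for the MalLocker.B locking trick. */
public final class LockerTriage {
    // Full-screen intent notifications need this permission from Android 10 on.
    private static final Pattern FULL_SCREEN_PERMISSION =
            Pattern.compile("android\\.permission\\.USE_FULL_SCREEN_INTENT");
    // The notification API call that attaches an activity to the notification.
    private static final Pattern FULL_SCREEN_INTENT_CALL =
            Pattern.compile("\\.setFullScreenIntent\\s*\\(");
    // An onUserLeaveHint() body that starts an activity: the "cannot leave" trick.
    // The tempered dot (?:(?!\}).)* keeps the match inside one method body.
    private static final Pattern LEAVE_HINT_RESTART = Pattern.compile(
            "void\\s+onUserLeaveHint\\s*\\(\\s*\\)\\s*\\{(?:(?!\\}).)*startActivity\\s*\\(",
            Pattern.DOTALL);
    // Older lockers relied on overlays; this variant does not need the permission at all.
    private static final Pattern OVERLAY_PERMISSION =
            Pattern.compile("android\\.permission\\.SYSTEM_ALERT_WINDOW");

    /** Returns every indicator found in the manifest and decompiled source. */
    static List<String> indicators(String manifest, String source) {
        List<String> hits = new ArrayList<>();
        if (FULL_SCREEN_PERMISSION.matcher(manifest).find()) hits.add("full_screen_intent_permission");
        if (FULL_SCREEN_INTENT_CALL.matcher(source).find()) hits.add("full_screen_intent_call");
        if (LEAVE_HINT_RESTART.matcher(source).find()) hits.add("user_leave_hint_restart");
        if (OVERLAY_PERMISSION.matcher(manifest).find()) hits.add("overlay_permission");
        return hits;
    }

    /** Only the combination matters: a dialer has the first indicator, a locker has both. */
    static boolean looksLikeScreenLocker(String manifest, String source) {
        List<String> hits = indicators(manifest, source);
        return hits.contains("full_screen_intent_call") && hits.contains("user_leave_hint_restart");
    }

    // Constructed sample (not real malware) of what a decompiler would show.
    static final String SAMPLE_MANIFEST = String.join("\n",
            "<manifest package=\"com.example.sample\">",
            "  <uses-permission android:name=\"android.permission.USE_FULL_SCREEN_INTENT\"/>",
            "</manifest>");
    static final String SAMPLE_SOURCE = String.join("\n",
            "public class LockActivity extends Activity {",
            "    protected void onUserLeaveHint() {",
            "        super.onUserLeaveHint();",
            "        startActivity(new Intent(this, LockActivity.class));",
            "    }",
            "}",
            "Notification n = new Notification.Builder(ctx, \"calls\")",
            "        .setFullScreenIntent(pendingIntent, true).build();");
    // A legitimate call screen: same permission and API call, no restart loop.
    static final String BENIGN_SOURCE = String.join("\n",
            "Notification n = new Notification.Builder(ctx, \"calls\")",
            "        .setFullScreenIntent(pendingIntent, true).build();");

    public static void main(String[] args) {
        System.out.println("sample: " + indicators(SAMPLE_MANIFEST, SAMPLE_SOURCE)
                + " locker=" + looksLikeScreenLocker(SAMPLE_MANIFEST, SAMPLE_SOURCE));
        System.out.println("benign: " + indicators(SAMPLE_MANIFEST, BENIGN_SOURCE)
                + " locker=" + looksLikeScreenLocker(SAMPLE_MANIFEST, BENIGN_SOURCE));
    }
}
```

The permission and the setFullScreenIntent() call on their own are not suspicious, since every dialer and alarm app has them; the signal is their combination with an activity that relaunches itself from onUserLeaveHint(), which legitimate software has no reason to do.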