Google has begun rolling out Android 9 ‘Pie’, the latest version of its mobile operating system, which includes support for GlobalPlatform’s Open Mobile API, a new BiometricPrompt API, and added NFC and Trusted Execution Environment (TEE) security techniques.
“Today we’re pushing the source code to Android Open Source Project (AOSP), and starting the Android 9 rollout to all Pixel users worldwide, with Android 9 coming to many more devices in the coming months,” Google says.
“Android 9 adds an implementation of the GlobalPlatform Open Mobile API to Android. On supported devices, apps can use the OMAPI API to access secure elements (SE) to enable smart card payments and other secure services. A hardware abstraction layer (HAL) provides the underlying API for enumerating the variety of secure elements (eSE, UICC, and others) available.”
“In Android 9 we’ve expanded our use of compiler-level mitigations to harden the platform through run-time detection of dangerous behavior. Control Flow Integrity (CFI) techniques help to prevent code-reuse attacks and arbitrary code execution,” Google adds. “In Android 9 we’ve greatly expanded CFI usage within the media framework and other security-critical components, such as NFC and Bluetooth.”
“Android 9 introduces Android Protected Confirmation, which uses the Trusted Execution Environment (TEE) to guarantee that a given prompt string is shown and confirmed by the user. Only after successful user confirmation will the TEE then sign the prompt string, which the app can verify.”
Android 9 also makes it easier for developers to integrate support for biometric verification. “Android 9 introduces a system-managed dialog to prompt the user for any supported type of biometric authentication,” Google explains. “Apps no longer need to build their own dialog — instead they use the BiometricPrompt API to show the standard system dialog. In addition to fingerprint (including in-display sensors), the API supports face and iris authentication.”