Oreo is the most secure version of Android yet.
Every time Android gets an update, there are changes that we can’t see. There is a lot going on behind the home screen and it takes an army of developers to keep a piece of software as intricate as Android running. With Android Oreo, some major changes are in the background that bolsters user security and privacy.
As users, we are mostly concerned with what we can see or do ourselves; things like being mindful of installing random apps or not opening email attachments from people we don’t know. But the heavy lifting goes on behind the scenes and work to prevent any of the malicious content we might run across from gaining a foothold is a priority. Oreo has a long list of changes and features on this front.
Android Oreo no longer supports SSLv3 (Secure Sockets Layer version 3.0). SSLv3 is outdated and has been proven insecure, and at the recommendation of the IETF (Internet Engineering Task Force; a group that sets a sort of standard for internet communication) it’s been completely dismantled in favor of a newer communication security method, TSL (Transport Security Layer) 1.2.
In addition, when you try to connect to a server that isn’t correctly using TSL 1.2 Android Oreo will no longer attempt to fall back to a previous version as a workaround. Your phone running Oreo just won’t connect to unsafe web servers, and that’s awesome.
Android 8.0 applies a Secure Computing filter to all applications. The list of ways an app can directly communicate with the kernel has been reduced. These have traditionally been a popular method to attempt a kernel exploit to gain admin-level privileges. It’s harder than ever for any type of malware to get root.
WebView objects now run in multiprocess mode. Any apps that get content from the Web now show that content in its own isolated sandbox, where it has no access to any app data. A website that tries to steal your information will find no information to steal!
Apps that are running can no longer assume other apps are in a generic location and will need to ask the system itself to pass data along to their actual source directory. Not knowing where to find an app means it’s much harder to exploit any vulnerabilities in it.
Android Oreo now handles your unique identifying data differently. Prior to Android 8.0, a unique Android ID was generated when a device was first set up. This ID was constant, and developers could use it to verify a user when retrieving data from the cloud. With Oreo, an ID based on the app developers signing key (a tool used to verify an app is original and hasn’t been tampered with) our Android Advertising ID (a function of Play Services and something we can erase or opt out of) and the actual device ID. Every instance of the Android ID is now – Source