How Android N is being built to prevent the next Stagefright
What makes you chose one smartphone platform over another? App selection? Hardware availability? System security is another big factor shoppers take into consideration, and last year Google suffered a PR nightmare after the publication of the Stagefright attack, a vulnerability with the double whammy of presenting a serious risk to users, and being exploitable on a huge fraction of Android devices out there. With Android N, Google's getting serious about preventing another Stagefright disaster, and today shares some of the ways it's going about preventing another such attack.
On its Android Developers Blog, Google talks about the two big steps it's taking to nip future Stagefrights in the bud.
Remember, Stagefright worked through the creation of specially formed media files; when Android's media subsystem attempted to process these files, the bug seized control of that software, gaining the ability to execute its own malicious code in the process.
The second step is stopping even a successful bug exploit from causing big damage. Let's say Google still misses a vulnerability with that code-scanning tool, and a bug slips through: by breaking up system processes like the Android MediaServer into multiple components, and only giving each the rights it needs to get its specific job done, it becomes harder for successful attacks to wreak havoc on a system level.
How Google's limiting bug fallout by splitting up permissions
source: Google
Things that are NOT allowed: