Google has declared of wanting to collaborate with the partners of its “ecosystem” in order to be able to strengthen the security of the firmware that interacts with android.

But these SoC processors so “loved” by Google, what exactly are they?

In short, SoC processors (System-on-Chip) are electronic components found in devices such as smartphones, tablets, smartwatches and other “smart” devices, so to speak.

These processors integrate various functions and various components into a single processing unit, among which we can put things like the CPU (Central Processing Unit), the GPU (Graphics Processing Unit), the memory (RAM), the modem for Internet connection, Wi-Fi and Bluetooth connectivity, and many other functions.

Basically, SoC processors are like a mini-computer inside the electronic device, which manages all the functions necessary to make the device work; with these processors, electronic devices can be more efficient, compact and easier to manage, since the number of necessary components is reduced and the interface between them is simplified.

What are Google’s intentions with these chips?

While the Android operating system runs on the application processor (AP), this is just one of many processors in a system on chip (SoC) that take care of various tasks such as cellular communications and multimedia processing.

“Securing the Android platform requires going beyond the boundaries of the application processor“, has said the android team. “Android’s defense in depth strategy also applies to firmware running on environments bare metal in these microcontrollers, as they form a critical part of a device’s attack surface“.

The tech giant said that’s the goal to harden the security of software running on these secondary processors (i.e. the firmware) and make it more difficult to exploit to exploit vulnerabilities via network to execute remote code within the Wi-Fi SoC or cellular baseband.

To that end, Google said it is exploring and enabling new compiler-based “cleanup” processes and turning on memory-safety features in firmware as safeguards against exploits.

Given the resource constraints associated with bare-metal targets, the idea is to “reinforce the most exposed attack surface, minimizing any performance/stability impactexplained the Mountain View-based company.

Another key area is the use of secure memory programming languages ​​like Rust to write firmware code, continuing efforts to broaden their adoption across the platform.

“Hardening firmware running on bare-metal to materially increase the level of protection, across multiple surfaces in Android, is one of Android Security’s priorities“, said Google.

All nice in appearance, but there is a “very small” problem

Let’s go in order: if iOS is updated, this applies to all those who have iOS, if Windows 10 updates, it applies to everyone, the same thing can be said of MacOS, but Android systems have updates only based on the manufacturer, not according to Google.

In principle it can be said that operating systems such as iOS, Windows 10 and macOS receive regular updates from the manufacturer of the operating system (Apple and Microsoft respectively), and these updates are available to all users who use that operating system.

Too bad regarding Android, it is true that Google regularly releases new versions of the Android operating system, but the availability of updates depends on the manufacturers of Android devices (Samsung, Asus, Oppo, etc.), since each manufacturer customizes the Android operating system to adapt it to its own devices and, sometimes, also to the networks of different countries.

As a logical consequence, it is possible that this “dispersion” could be problematic and that not all manufacturers adopt it at the same time, it being understood that (alas!) very often Android phones do not have long-lasting update supports, and unfortunately it is difficult for this function to be applied via one of the Google system applications downloadable from the PlayStore.

Could this improvement wanted by Google also affect custom ROMs like LineageOS?

It cannot be excluded that even on Android-based custom ROMs such as LineageOS all this may have some effect (in a more or less direct way), but it depends on the way in which the manufacturer of the custom ROM has implemented the firmware and on the hardware characteristics of the device.

Custom ROMs, such as LineageOS, they are usually based on the Android source code, and their developer customizes the operating system to work on specific devices.

However, some hardware or firmware features they may be different from those of the original devices for which Android was designed; in this specific case, the security implementation may also vary from that of the original devices.

If the manufacturer of the custom ROM has correctly implemented the security measures provided by Google, LineageOS users could benefit from the security improvements described above; it should be noted that if the custom ROM has profoundly changed the firmware or the security functions of the operating system, the impact of this improvement from Google could be limited or even non-existent.

The problem then of the “dispersivity” of Android described derived from the fact that, with the exception of Pixel phones (which are from Google), all the others are from other manufacturers, it could even significantly delay the introduction of this algorithm on the operating system.

Can it affect Chromebooks?

Even Chromebooks are eventually a part of the Google ecosystem, in practice, probably yes.

Chromebooks indeed use SoC processorstherefore the security measures described they could also impact the security of Chromebooks. However, it is important to note that Chromebooks use a customized version of Chrome OS (such as Smartphones that Android “everyone has their own”, also applies to Chrome OS, to understand), the Linux-based operating system developed by Google, which just some differences with Android.

Chromebook firmware is managed by the Chromebook firmware, which controls the operating system boot process and the loading of hardware drivers; Chromebook firmware is developed by Google and device hardware manufacturers, and is not the same firmware used by Android.

In the midst of all this ambaradan it must be said that many of the same security vulnerabilities and threats that affect Android can also affect Chromebooks.

Google’s approach to SoC security described in the article can also be applied to Chromebooks, but it is possible that some of the measures described by Google have already been implemented differently in the Chromebook firmware.