Our smartphones are at the center of a lot of our lives. We communicate with loved ones, plan our days, and organize our finances through them. They're the perfect attack vector for someone who may want to target you or steal from you, and that's why so much effort goes into securing them. Google has now detailed how it secures the Android platform not just through Android itself but how it protects against attacks on the firmware of other microprocessors that run as a part of your SoC.

Google has been focused on trying to prevent attacks on the Applications Processor (AP) when it does things like building compiler-based mitigations in Android. The company has announced that it's now working with "ecosystem partners" in several areas aimed at hardening the security of firmware interacting with Android. They're exploring compiler-based sanitizers such as BoundSan and IntSan, along with other exploit mitigations, too. The company is also looking into additional memory safety features, which we knew may be coming with Android 14.

Google has worked on improving security in Android 12 and Android 13 by introducing native Rust support for memory-safe modules, and Android 13 is the first Android release to have a majority of new code written in Rust. It's hard to build exploit mitigations for processors that run significantly smaller firmware than what can be executed on the AP, and any mitigations built may, in turn, negatively affect performance.

Alongside the launch of Android 13, Google updated its severity guidelines to further highlight remotely exploitable bugs in connectivity firmware. The company also accepts and rewards external contributions via its Vulnerability Rewards Program. This helps to incentivize security researchers to identify severe bugs and report them to Google. which then improves the security of the overall platform. It's important to protect not just the operating system that runs on the AP but the other smaller firmwares that run on other parts of the SoC.