Google is urging phone manufacturer partners to enable Android's Oreo's security feature which detects whether a device has been downgraded to an earlier version of the OS. or has been tampered with.
Known as rollback protection, it's meant to add another layer of security, like in the event a device is lost or stolen, in which the attacker rolls it back to an older Android firmware with known vulnerabilities.
This security feature works in tandem with Project Treble, the major redesign of Android in Oreo that separates the Android platform from vendor code.
This modular design aims to help Android OEMs to deliver new versions of Android to users faster.
However, Project Treble is only supported on newer devices that ship with Android, instead of the devices that are upgraded to Oreo. So phones like the Pixel 2 and the Sony Xperia XZ1 are compatible with Treble, while the Nokia 8 is not.
The case is the same for rollback protection, which is part of a version of Verified Boot called Android Verified Boot 2.0 or AVB.
This is why Google is urging its partners to have the feature in place.
Google revealed some details about rollback protection in September 2017, saying that it has a central data structure called VBMeta struct which works like the following:
According to Google, rollback protection relies on the Trusted Execution Environment which signs the version of Android on the device.
Other hardware security features include the Lock Hardware Abstraction Layer, which aims to help preventing a device from being reset if it has been stolen.
The other key feature is a chip called the security module that "prevents many software and hardware attacks and is also resistant to physical penetration attacks".
Initially, both of the hardware features are available in the Google Pixel 2 smartphone.