Information security is ever evolving, and Android's security posture is no different. Users and application developers have high expectations that their data will be kept safe, private, and secure, and it's the responsibility of the Android Security Team to enable this. To do this, Android has focused on four critical principles of information security: exploit mitigation, exploit containment, attack surface reduction, and safe-by-default features.
In this talk, we will discuss Android's attack surface reduction history, and how that fits into the broader Android security story. We will go into detail on the specific technical strategies used to achieve the attack surface reduction, and explore specific bugs which were made unreachable as a result of the hardening over the last several years. And we will examine the overall result of the hardening, and areas for improvement.