Hardware security best practices
This page contains recommendations to ensure that the hardware present on
Android devices raises the overall security of the device instead of
compromising it.
Device memory
It is important to understand the potential security tradeoffs when
selecting memory for Android devices. For example, certain types of memory
can enable the execution of Rowhammer-style attacks.
- Android devices should use memory that contains mitigations against
Rowhammer-style attacks. Device manufacturers should work closely with
their memory manufacturers for additional details.
StrongBox Keymaster
It is important to securely store and handle cryptographic keys that are
available on the device. This is typically done on Android devices by
utilizing a hardware-backed Keymaster implemented in an isolated environment,
such as the Trusted Execution Environment (TEE). It is further recommended to
also support a StrongBox Keymaster, which is implemented in tamper-resistant
hardware.
- Ensure that the StrongBox Keymaster is running in an environment that
has a discrete CPU, secure storage, a high-quality true random number
generator, tamper-resistant packaging, and side-channel resistance to meet
the requirements to qualify as a StrongBox Keymaster. See the Android 9
CDD, section 9.11.2 for more information on the requirements.
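One way to confirm from the app side that a key really ends up in StrongBox rather than in the TEE-backed Keymaster is shown below. This is an added example, not code from this page or from AOSP; the class name `StrongBoxCheck` and the key alias passed in are hypothetical. It assumes API level 28+ for `setIsStrongBoxBacked` and API level 31+ for `KeyInfo.getSecurityLevel`.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;

import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.ECGenParameterSpec;

/** Added example (hypothetical class): creates a signing key and reports where it lives. */
public final class StrongBoxCheck {
    private static final String PROVIDER = "AndroidKeyStore";

    /** Requests a P-256 key in StrongBox and falls back to the default hardware-backed Keymaster. */
    public static KeyPair generate(String alias) throws GeneralSecurityException {
        try {
            return generateIn(alias, true);
        } catch (StrongBoxUnavailableException e) {
            // The device has no StrongBox, or StrongBox cannot serve this request.
            return generateIn(alias, false);
        }
    }

    private static KeyPair generateIn(String alias, boolean strongBox)
            throws GeneralSecurityException {
        KeyGenParameterSpec spec = new KeyGenParameterSpec.Builder(
                alias, KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setAlgorithmParameterSpec(new ECGenParameterSpec("secp256r1"))
                .setDigests(KeyProperties.DIGEST_SHA256)
                .setIsStrongBoxBacked(strongBox)
                .build();
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, PROVIDER);
        kpg.initialize(spec);
        return kpg.generateKeyPair();
    }

    /** True only if Keystore reports the private key as resident in StrongBox. */
    public static boolean isInStrongBox(KeyPair pair) throws GeneralSecurityException {
        KeyFactory factory =
                KeyFactory.getInstance(pair.getPrivate().getAlgorithm(), PROVIDER);
        KeyInfo info = factory.getKeySpec(pair.getPrivate(), KeyInfo.class);
        return info.getSecurityLevel() == KeyProperties.SECURITY_LEVEL_STRONGBOX;
    }
}
```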
Last updated 2024-09-24 UTC.