Get My Score

CIS and Cavirin release Android 8.0 Security Benchmark

CIS Google Android Benchmark

Cavirin is excited to announce the availability of CIS Android 8.0 Security Benchmark! Download your copy from CIS Website today.

Android 8.0 (a.k.a. Android Oreo) was released on eclipse day last week by Google. It brings several enhancements to improve user experience and bolster platform security.

Some of the changes that affected the security benchmark were:

  • Redesigned Settings Menu – This required us to update the audit and remediation steps for all the 39 recommendations in the benchmark. The settings area and various menus have been reorganized to make things as simple and straightforward as possible.
  • Instant apps - Instant apps allow you to use apps without installing them on your device. On clicking app links, the browser downloads and run app modules as desired by the user. The new recommendation – “1.28 Ensure 'Instant apps' is set to Disabled” reads that “Having exposure to an app like this is dangerous since any malicious link could then potentially trick the user and then browser could download the app code and run on your device without requiring installation. Also, this feature defies enterprise security that relies on blacklisting or whitelisting apps based on installation. Hence, it is recommended to turn off instant apps.” 
  • Encrypt by default – Android 8.0 devices are now encrypted by default and there is no separate control to turn it on or off. This was a long promised item and we finally see that it is there. As such, we had to drop the recommendation “Ensure 'Encrypt phone' or 'Encrypt tablet' is set to Enabled”.
  • No more password speaking – This might be a counter-productive change in Android 8.0 for accessibility help but a welcome setting on security. There is no more password speaking! Hence, the prior recommendation “Ensure 'Speak passwords' is set to Disabled” had to be dropped.

Download your copy today and secure your Android device.

Cavirin is taking a leadership role in defining several industry-accepted security benchmarks. It leads benchmark development on Docker, Kubernetes and Android. It also kicked-off CIS Azure Security Benchmark development last week. With Cavirin, you can continuously monitor your security controls at various levels of your infrastructure – cloud, OS, network and application.


© 2019 Cavirin Systems, Inc. All rights reserved.