Understanding the Need for Android Security Upgrades in Android Automotive|Sasken

  Jan 28, 2021 9:22:45 PM

The in-vehicle infotainment system has become a pivotal component in present day vehicles, having evolved from a mere radio to a fully-fledged media powerhouse with essential driving functions. Among the select operating systems used today, Android Automotive is gradually emerging as the next big player in this field.

Android Automotive is an Android-based operating system which, unlike Android Auto is built into the infotainment system. Android Automotive allows the user to effectively utilize Google Automotive Services (GAS) such as Maps, Assistant, Play Store, and download Android applications specifically designed for vehicles. This includes control over vehicle functionality such as air conditioning, heating, audio, lighting systems etc. Additionally, Android Automotive also allows OEMs to distinguish themselves from one another with customizations that suit their brand personality.

With Android being on open-source operating system, it is susceptible to security vulnerabilities or common vulnerabilities and exposures (CVEs). These CVEs are a bigger threat to a vehicle as opposed to a mobile device. With Android Automotive, the infotainment system will be directly connected in a read/write manner to CAN bus networks containing safety critical automotive infrastructure. Any malicious application or bugged software module could jeopardize the passenger’s safety leading to liabilities and expensive recalls with a negative impact on the OEMs’ brand image.

Keeping this in mind, Google releases monthly Android Security Bulletins (ASBs) to address and fix these CVEs. There are certain ASBs that only affects the Android Open-Source Project (AOSP) Firmware and Linux Kernel. These can be directly integrated by the OEM after going through the necessary Google compliance tests and released to the vehicles/customers via over-the-air (OTA) updates.

Other ASBs, however, may be far too complicated to integrate as they may clash with the OEM’s customizations, thereby needing support from the chip vendor to integrate these ASBs. Another thing to consider is that Google only supports Android versions with ASB releases for up to three years from release date. For example, Android Q will be supported with ASBs till June 2022. This poses a serious concern for car makers as unlike mobile phones, automobiles have a much longer life span. According to IHS market research, on an average, cars are replaced after 12 years by a user before upgrading. So, all the cars deployed with older versions of Android will be exposed to various CVEs.

Sasken, by combining its extensive domain knowledge and experience in Automotive and Android offers seamless Security-Patch Management Release (SMR) services for vehicle manufacturers by complying with Android Enterprise Recommended (AER) Programs from Google. Our dedicated Android Centre of Excellence (COE) has over 1,200 person months of experience and has handled more than 6,000 CVEs for 90+ models from various OEMs.

Sasken gains early access to patches and has strong expertise across various chipsets from Qualcomm, Renesas, NXP, MediaTek, and Intel. It can not only support vehicle manufacturers with direct integration of ASBs and chipset patches but also in backporting latest ASB updates on older Android Automotive versions, which are not supported by Google. Doing so enables OEMs to gain customer loyalty by ensuring uninterrupted safety and security for their customers while extending the life of the vehicle.

Learn more about our comprehensive expertise in handling Android and the array of services we provide under automotive solutions.

Posted by:
Hemanga Dutta
Senior Pre-Sales Executive, Automotive Portfolio

Want To Know More About This Topic?

You might also like