
Memory safety has been a top priority for Google lately, as memory errors tend to be some of the most serious in software development. In fact, vulnerabilities in this area were responsible for the majority of critical vulnerabilities in Android until last year, when Google wrote a significant chunk of new native Android code in the Rust programming language instead of C/C++. The software giant is working to support other means of mitigating memory vulnerabilities in its system, one of which is called memory tagging. On supported devices running Android 14, there may be a new setting called Advanced memory protection that could toggle this feature.

Memory Tagging Extension (MTE) is a mandatory hardware feature of processors based on the Arm v9 architecture that provides detailed information about memory corruption and protects against memory safety errors. As Google explains: "At a high level, MTE tags each memory allocation/deallocation with additional metadata. It assigns a marker to a memory location, which can then be associated with pointers that refer to that memory location. At runtime, the processor checks that the pointer and metadata tags match each time it is read and saved."

Google has been working for a long time to support MTE across the entire Android software suite. In Android 12, it added the Scudo memory allocator and support for three MTE modes of operation on compatible devices: synchronous mode, asynchronous mode, and asymmetric mode. The company also made it possible to enable MTE for system processes through system properties and/or environment variables. Applications can add MTE support via the android:memtagMode attribute. When MTE is enabled for processes in Android, entire classes of memory safety errors such as use-after-free and buffer overflows will cause crashes instead of silent memory corruption.
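The tag check described above, and the way it turns a buffer overflow or use-after-free into an immediate fault, can be modelled in software. This is an added illustration, not code from Android, Scudo or Arm: the helpers mte_alloc, mte_free and mte_store are hypothetical, the model assumes a 4-bit tag per 16-byte granule kept in the pointer's top byte, and on real hardware the comparison is done by the CPU on every load and store.

```c
/* Software model of MTE tag checking (added example, not Android code). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE   16u   /* memory is tagged in 16-byte granules */
#define HEAP_SIZE 256u
#define TAG_SHIFT 56    /* 4-bit tag sits in pointer bits 56..59 */

static uint8_t heap[HEAP_SIZE];
static uint8_t granule_tag[HEAP_SIZE / GRANULE];  /* 0 = not allocated */
static uint8_t next_tag = 1;

/* Hypothetical allocator: tags the granules covering [off, off+size)
 * and returns a "pointer" carrying the same tag in its top byte. */
uint64_t mte_alloc(size_t off, size_t size) {
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);       /* cycle through 1..15 */
    for (size_t g = off / GRANULE; g < (off + size + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = tag;
    return ((uint64_t)tag << TAG_SHIFT) | off;
}

/* Freeing retags the granules, so stale pointers stop matching. */
void mte_free(uint64_t p, size_t size) {
    size_t off = (size_t)(p & 0xFFFFFFFFu);
    for (size_t g = off / GRANULE; g < (off + size + GRANULE - 1) / GRANULE; g++)
        granule_tag[g] = 0;
}

/* Checked store: 0 on success, -1 on tag mismatch (the fault that
 * synchronous mode would raise at the offending instruction). */
int mte_store(uint64_t p, size_t index, uint8_t value) {
    size_t addr = (size_t)(p & 0xFFFFFFFFu) + index;
    uint8_t ptr_tag = (uint8_t)((p >> TAG_SHIFT) & 0xF);
    if (addr >= HEAP_SIZE || granule_tag[addr / GRANULE] != ptr_tag)
        return -1;
    heap[addr] = value;
    return 0;
}

int main(void) {
    uint64_t a = mte_alloc(0, 32), b = mte_alloc(32, 32);  /* adjacent blocks */
    printf("in-bounds store: %d\n", mte_store(a, 31, 'x'));
    printf("overflow into b: %d\n", mte_store(a, 32, 'x'));
    mte_free(b, 32);
    printf("use-after-free:  %d\n", mte_store(b, 0, 'x'));
    return 0;
}
```

Without the tag comparison in mte_store, both the overflow and the stale write would silently succeed, which is the silent corruption the article contrasts with a crash.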

In Android 13, Google added a Userspace Application Binary Interface (ABI) to communicate the desired MTE operating mode to the bootloader. This can be used to enable MTE on compatible devices that do not ship with MTE enabled by default, or to disable it on compatible devices that have it enabled by default. Setting the ro.arm64.memtag.bootctl_supported system property to "true" on Android 13 told the system that the bootloader supported the ABI and also activated a button in the developer options menu that allowed the user to enable MTE on the next reboot.

In Android 14, however, enabling MTE on compatible devices may no longer require diving into the developer options menu. If the device uses an Arm v8.5+ processor with MTE support, the device implementation supports the ABI for communicating the desired MTE operating mode to the bootloader, and the new ro.arm64.memtag.bootctl_settings_toggle system property is set to "true", then a new Advanced memory protection page appears in Settings → Security and privacy → Additional security settings. This page can also be launched via the new ACTION_ADVANCED_MEMORY_PROTECTION_SETTINGS action.

Interestingly, the Tensor G2 chipset that powers the Google Pixel 7 series uses Arm v8.2 processor cores, which means it doesn't support MTE. If the upcoming Google Pixel 8 series uses the new Arm v9 cores like other flagship Android phone series, then their hardware should be able to support MTE. However, the question remains whether the "advanced memory protection" feature will make it to the stable version of Android 14.
