Google Android 17 Steps Toward Desktop: Learning from ChromeOS Will Restrict Direct USB4 Interface Memory Access

IT Home, March 10 — Technology media Android Authority published a blog post yesterday (March 9), reporting that in the Android 17 Beta 2 update, Google is adopting security mechanisms from ChromeOS by adding restrictions on Thunderbolt and USB4 devices accessing system memory.

Android is accelerating its expansion into desktop environments. Besides Android TV and desktop mode, the latest code in Android 17 Beta 2 further reveals its “desktopization” process.

To meet the high hardware connection demands of desktop users, Google is introducing security features already present in Chromebooks, specifically restricting Thunderbolt and USB4 devices from accessing system memory.

IT Home quotes the blog post, explaining that ChromeOS’s security policy aims to avoid risks associated with direct memory access (DMA). By default, devices connected via Thunderbolt or USB4 are prohibited from directly accessing memory. Google recommends enabling this permission only when connecting trusted devices and facing performance bottlenecks.

Based on the code in the Android 17 Beta 2 update, Google is working on building similar access restrictions for Android. The code includes a “Data Access Protection” setting, allowing users to control whether USB and Thunderbolt devices can directly access memory to maximize hardware speed, with a warning to connect only trusted devices.

Data access protection Allow USB and Thunderbolt devices to access system memory directly for maximum hardware speeds. Note: This poses a security risk, so only connect devices you trust.

Additionally, the system reserves management interfaces for enterprise users and high-security scenarios. IT administrators or Android’s “Advanced Protection Mode” can forcibly disable user-initiated restrictions.

Disabled by your IT admin