Aug 18, 2023 · Information Security

Shadow Call Stack (SCS) in Android: Mechanism, Requirements, and Implementation

Android’s Shadow Call Stack (SCS), silently enabled since Android R on AArch64 devices, stores return addresses in a protected register‑based stack separate from the regular stack, complementing stack canaries and requiring hardware support, while developers can activate it via -fsanitize=shadow-call-stack and avoid using X18 elsewhere.

Android SecurityAssemblyLLVM

0 likes · 7 min read

Shadow Call Stack (SCS) in Android: Mechanism, Requirements, and Implementation

OPPO Amber Lab

Aug 11, 2023 · Information Security

How Android’s Shadow Call Stack Strengthens Kernel Security

This article explains Android's Shadow Call Stack (SCS) security mechanism, its hardware dependencies, enabling methods, and how it protects return addresses on AArch64 kernels, illustrated with code examples and real‑world deployment results.

Android SecurityKernel HardeningLLVM

0 likes · 6 min read

How Android’s Shadow Call Stack Strengthens Kernel Security