Google published its Android’s security annual year review on May 15th. You can look through the comprehensive, 56-page report yourself, but I’ve got some of the highlights for you.
Google Play Protect
In May 2017, Google announced Google Play Protect, a new home for the suite of Android security services on nearly two billion devices.
Google Play Protect scanning apps on every Android phone that has Google Play. It scans at least once a day, which comes out to roughly 50 billion apps, and identifies what Google calls “Potentially Harmful Apps” (aka PHAs) in the process.
Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and they planning increase in the future.
In October 2017, Google enabled offline scanning in Play Protect, and have since prevented 10 million more PHA installs.
Preventing PHA downloads
Devices that downloaded apps exclusively from Google Play were nine times less likely to get a PHA than devices that downloaded apps from other sources. And these security protections continue to improve, partially because of Play Protect’s increased visibility into newly submitted apps to Play. It reviewed 65% more Play apps compared to 2016.
Play Protect also doesn’t just secure Google Play—it helps protect the broader Android ecosystem as well. Thanks in large part to Play Protect, the installation rates of PHAs from outside of Google Play dropped by more than 60%.
Google Play Protect’s on-device capabilities with a brief description of how they help keep devices and data safe. Most of these services integrate with a cloud-based component that allows Google to push updates.
The following sections explain how these on-device protections work and details new features and improvements made in 2017.
|PHA scanning||Collection of mobile threat protections and removal
options for downloaded PHAs including:
— Automatic daily PHA scanning
— User-initiated, on-demand scanning
— Scanning for threats even when device is offline
— Automatically disabling or removing PHA threats
— Uploading new apps to the cloud for scanning
|Find My Device||Protection for lost or stolen devices (Formerly Android
|Safe Browsing||Protection from deceptive websites|
|Developer APIs||APIs that allow third-party apps to use Google’s
Since 2013, Android devices have included SafetyNet, which allows devices to contribute security-related information to Google’s cloud-based services. This can include information about security events, logs, configurations, and other security-relevant details. In 2017, SafetyNet added new APIs to allow developers to raise the security bar for their apps. The SafetyNet attestation API helps an app evaluate whether it is talking to a genuine Android device.
New security features in Android Oreo
Google introduced a slew of new security features in Android Oreo: making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel, and more.
If you want to get really deep into the data, you can read Google’s full 2017 security report
According to the report, Google’s team believes that it’s more effective at security than a similarly sized closed-source project.No Fields Found.