MOUNTAIN VIEW, Calif.—Compared to the pruned and controlled garden of iOS, Android has a reputation for being like the Wild West. But that hasn't been true for some time, as Google's security team highlighted here at I/O.
Amidst a slew of other announcements at the annual developers conference, Google Play Protect flew under the radar. But the core of the service had been in development for a few years, said Google's head of Android security, Adrian Ludwig. Google now scans over a billion devices for potential security vulnerabilities; each day, 20,000 dedicated processors scour 500,000 apps for potential malware.
While sticking to apps from the Google Play Store is much safer than side-loading apps from other sources (95 percent safer, Ludwig says), Google also provides protection for users who download apps from third-party stores. The service, called Safety Net, has been in operation for years, and extends protection to those without it. It also helps ensure that Android users in countries where the Google Play Store is not in operation have some modicum of protection.
Did you know about any of this? Odds are you didn't. Unless you carefully follow Google announcements, or attend Ludwig's talks at security conferences (where this writer first heard of the program), you probably assumed that Android's Wild West reputation was well deserved.
Google Play Protect aims to rectify that. It's simply a new section in the Google Play app store that shows your apps have been scanned by Google and that all is well. As before, the OS will alert you if it detects something untoward, but Play Protect is a new direction for Android Security.
"The other thing we've been recognizing is that we just name things wrong," said Ludwig. He was referencing a tool in the Google Play store called Android Device Manager. Once activated, it can be used to find a device's physical location on a map and take action to secure a lost device remotely. Going forward, the tool will be rebranded as Find My Device, which will hopefully better communicate its function to users.
Find My Device also now shows battery status for your gadgets, and can track them in the background. This last point lets you see where your device was last detected before its battery ran out or it went offline.
O Say, Can You Secure
Enhanced security will also figure prominently in Android O, according to Xiaowen Xin from Google's Android security team. O will expand its use of verified boot, a process by which the device checks the cryptographic keys at every stage of the boot process. Android devices can then determine if they were rolled back to a previous, more vulnerable version of the OS and prevent booting.
Android O will also support tamper-resistant hardware. Similar to the EMV chips found in modern credit cards, this chip can authenticate a user's PIN, pattern lock, or password, Xin explained.
The permissions model for Android O has also been tweaked to make it harder for malicious apps to abuse the permissions granted by users. In a specific move against ransomware, Android O uses new permissions for specific activities that allowed attackers to take control of the phone's screen and demand ransom. Those avenues will be closed, effectively defanging Android ransomware. Similarly, the Device Admin permission—which previously granted apps a wide latitude of control—has been greatly reduced in an effort to prevent abuse.
Better, Broader Updates
Additional hardware isolation comes to Android O in the form of Project Treble. This expands on the existing sandbox framework, which isolates apps and processes to prevent one bad app from seizing control of your entire phone. The new model will have three broad segments: one for apps, one for the Android OS, and another for the vendor interface.
The aptly named app section is self explanatory. The vendor interface is controlled by other actors who aren't users or Google — think device manufacturers, wireless carriers, and the like. Google controls the OS section, and the company will be able to push updates direcetly to this section without affecting the other two. The goal, Xin explained, is to provide better updates that are more broadly accepted.
This may offset one of Android's perennial challenges: that device manufacturers and wireless carriers can prevent updates from being pushed from Google to user's devices. Treble will hopefully side-step this issue, but we'll have to see.
Instant Apps and Security Keys
Google announced Instant Apps at I/O 2016, and this year it opened up Instant Apps to all developers.
In a nutshell, an Instant App allows you to use portions of an app without installing it. A store, for example, could develop an amazing shopping app, which could be accessed through the web as an Instant App. That way, the app is available to many more people, not just those who already installed it.
Related
- After WannaCry, Should You Worry About Ransomware?After WannaCry, Should You Worry About Ransomware?
Xin pointed out that while this is great, it had potential for abuse. "Opening arbitrary URLs in apps has associated privacy risks." To that end, Google is unveiling an updated permissions model that works to limit what Instant Apps can do, keeping many permissions away from these apps. Additionally, Instant Apps must use HTTPS, which will prevent lookalike apps from using URLs designed to trick consumers
Android O will also add support for two-factor authentication security keys. These are physical devices that can be used instead of receiving a one-time passcode via SMS, as is a common means of employing 2FA protection. Physical keys, Ludwig explained, are faster for authenticating than other methods.
Many of these changes, both in terms of visibility and the actual tools, mark a continued aggressiveness on the part of Google to secure the Android platform. The security features deployed by the company are increasingly robust and complex, and the protection Google provides is stronger and more visible than before. If anything can finally repel Android's security infamy, it may be this.