How Google secured more than two billion Android devices
Google recently released their annual Android security report.
Despite all of the breaches across platforms last year Google remains optimistic about their progress at securing the nearly two billion Android devices out there.
In May, they announced Google Play Protect, a new home for the suite of Android security services on nearly two billion devices.
While many of Play Protect’s features had been securing Android devices for years, they wanted to make these more visible to help assure people that their security protections are constantly working to keep them safe.
Play Protect’s core objective is to shield users from Potentially Harmful Apps, or PHAs.
Every day, it automatically reviews more than 50 billion apps, other potential sources of PHAs, and devices themselves and takes action when it finds any.
Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and they expect this to increase in the future.
Play Protect automatically checks Android devices for PHAs at least once every day, and users can conduct an additional review at any time for some extra peace of mind.
These automatic reviews enabled Google to remove nearly 39 million PHAs last year.
Google also updates Play Protect to respond to trends that they detect across the ecosystem.
For instance, they recognised that nearly 35% of new PHA installations were occurring when a device was offline or had lost network connectivity. ‘
As a result, in October 2017, Google enabled offline scanning in Play Protect, and have since prevented 10 million more PHA installs.
Devices that downloaded apps exclusively from Google Play were nine times less likely to get a PHA than devices that downloaded apps from other sources.
Play Protect also doesn’t just secure Google Play, it helps protect the broader Android ecosystem as well. Thanks in large part to Play Protect, the installation rates of PHAs from outside of Google Play dropped by more than 60%.
Google also introduced a slew of new security features in Android Oreo: making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, hardening the kernel.
They highlighted many of these over the course of the year, but some may have flown under the radar.
For example, they updated the overlay API so that apps can no longer block the entire screen and prevent you from dismissing them, a common tactic employed by ransomware.
On top of all of this, they also employ several security programs that revolve around finding and securing potential exploits.