In its latest report about the state of Android security, Google has claimed that its continuing efforts to fortify its mobile OS means that the platform is now as secured as any other platform. The report, titled ‘Android Security: 2017 Year in Review‘, lays out a number of initiatives that the company has implemented recently in trying to cut down on instances of malware attacks.
One of those key initiatives is Google Play Protect, something the company added last year to find and stop Play Store apps that may pose a security risk to users. According to Google, Play Protect reviewed about 23 million new apps last year, and automatically disabled PHAs or potentially harmful apps, from roughly 1 million devices. The company also says that offline scanning blocked over 10 million harmful app installs last year alone. The company also says that it updated its cloud-based security and heuristic analysis capabilities in 2017.
“Our machine learning models successfully detected 60.3% of PHAs identified by Google Play Protect in 2017”
According to Google, the three countries with the largest number of Android devices with Google Play Protect are India, the United States of America (USA) and Brazil. Sadly, though, users in India remain almost twice as likely to be affected by PHAs compared to other countries, seeing as 1 percent of devices in the country are affected by the issue, as opposed to the global average of 0.56 percent. The US and Brazil, meanwhile, are better off than the rest of the world, with PHA infestations of 0.4 percent and 0.26 percent.
Timely security updates also go a long way in keeping any operating platform secure, and towards that end, Google announced Project Treble that will allow Android OEMs to push through updates quickly without having to wait for suppliers to release their binary codes. The company also emphasized its re-architected Android Verified Boot 2.0 that works with Project Treble and, “provides a hardware-based root of trust, and confirms the state of each stage of the boot process for devices with at least 1GB of RAM”.
“Devices with Treble are easier to update, which should mean faster security patches and Android version updates for the whole ecosystem”
The company also outlines other useful services, such as the Android Device Manager service, which was renamed to ‘Find My Device’ last year, and picked up a few more features that would help owners track their lost devices easier. The company also points out that, In 2017, it added new APIs to ‘SafetyNet’ to allow developers to raise the security bar for their apps. One of those is that reCAPTCHA API, “which uses an advanced risk analysis engine to protect apps from spam and other abusive actions”.
Other new security-focused features include more granular controls over app permissions, enhanced privacy controls, kernel hardening, Keystore updates, Secure Lockscreen, tamper-resistant hardware chips, the introduction of sanitizers and fuzzing, and many more key steps that Google says has helped Android become as secure as any operating platform right now.
Last, but not the least, the company also says that the Android Security Research program paid out $1.28 million last year for discovering and reporting vulnerabilities in Android, bringing the total to $2.2 million since its inception in 2015. The company also pointed out that “no exploits successfully compromised Google Pixel devices” at the 2017 Mobile Pwn2Own competition”.
