Google posted the second Android Security Report on its security blog. The purpose of the report is to engage its users and developers in an informed conversation about Android security, in the hopes that a transparent and open discussion can make the platform more secure.
The report outlines Google’s efforts at making the Android ecosystem more secure. This is done by monitoring and collecting data from devices. Cloud based and on device Google Mobile Services protect more than one billion devices, which makes Google the world’s biggest provider of on device security services. Google Mobile services includes Smart Lock, Device Manager, Safe Browsing, Safety Net and Verify Apps. Granular app permissions and sandboxing the applications, which is isolating it from other apps in the system, enhanced the security over the past year.
In 2014, Google also deployed machine learning to automate scanning of devices, highly reducing the effectiveness of exploits and vulnerabilities. The biggest threat were PHAs (Potentially Harmful Apps) which collect unauthorised data and download malicious content. Android’s Verify Apps service protects downloads from third party app stores, and was significant in bringing down the number of harmful installs. SafetyNet protected users from network based attacks. Hundreds of millions of users were protected from risky web sites because of Safe Browsing.
Android became part of Google’s Vulnerability rewards program, which gives cash to security researches in exchange for vulnerabilities or bugs. Android paid out over $200,000 as part of the program. The monthly public security update program was introduced to Nexus devices, and are expected to appear in more devices soon.