Google recently introduced a new security measure for Pixel phones called Binary Transparency to provide user-verifiable guarantees that their devices haven’t been compromised.
Expand Expanding Close
Google has a number of ongoing efforts to protect Android, ranging from monthly security patches to Play Store protections. The latest initiative is called Android Security and PrIvacy REsearch (ASPIRE) to increase collaboration between the company’s internal teams and outside researchers.
While the added privacy measures are not as noticeable as notification snoozing, Picture-in-Picture, and other new customizations, there are a number of them in Android O. With this release, Google is specifically aiming to limit device identifiers and other information that apps can request.
A year ago, Android was added to the Google Vulnerability Rewards Program that pays researchers for submitting security bugs that affect various products and services. Google has since paid over $550,000 in rewards and is raising the amount going forward.
Last year’s particularly virulent Stragefright bug allowed attackers to perform a number of actions on an infected device through remote code execution. While Google has addressed those issues with monthly security patches, Android N will play a larger role in making sure a similar issue does not happen again.
A Google blog post reminds users of the four steps they can take to protect the security of their Android devices.
Online security is a critical piece of our everyday life. That’s why we build multiple lines of defense in Android to make the internet safer for over a billions users. Even with these layers of protection, it still doesn’t hurt to take a couple of extra precautions to be super safe.
The four steps are all ones we’d expect to be familiar to 9to5Google readers, but they could serve as useful pointers for less tech-savvy friends and family members …
With January coming to a close, Samsung has released their security update for this month just in time. This is continuing on the company’s promise to provide monthly security updates for its Android devices.
Google has been following through with its promise of providing monthly security patches for Nexus devices. Last month’s was bundled with Android 6.0.1 and the January security updates are arriving today. The updates are based on Android 6.0.1, so don’t expect any new user facing features or even other tweaks.
Google’s Android security lead Adrian Ludwig has posted a detailed description of the security update recently issued by Google for Nexus devices. The update was designed to address the Stagefright vulnerability which has been described as the “worst Android vulnerability in the mobile OS history.”
On August 5, 2015, we released an over-the-air (OTA) update for Nexus 4/5/6/7/9/10 and Nexus Player devices that includes several security fixes. The patches for these fixes have also been released to the Android Open Source Project (AOSP) source repository. These issues are categorized and provided in decreasing order of severity. We have also provided an assessment of each issue, given the information we have at the time of the publication of this bulletin …
Google has issued a patch to handset manufacturers to block a security hole that could, in theory, allow almost any Android application to be turned into malware, reports ZDNet.
It doesn’t get much scarier than this. Bluebox Security claimed to have discovered a vulnerability in Android’s security model that could allow attackers to convert 99 percent of all applications into Trojan malware. Google has told ZDNet that the hole has been patched and that it has been released to original equipment manufacturers (OEM)s.
Handset and tablet owners will have to rely on the manufacturer to push the patch to their device, but the vulnerability isn’t as scary as it sounds. While it would in principle allow an attacker to change almost any application to malware without Android detecting the change, Google reports that there is no evidence of the exploit having actually been used.
“We have not seen any evidence of exploitation in Google Play or other app stores via our security scanning tools. Google Play scans for this issue – and Verify Apps provides protection for Android users who download apps to their devices outside of Play,” said Gina Scigliano, Google’s Android Communications Manager.
Via Techmeme