The new version of Android O puts security first and foremost. At an I/O developer session on Google’s California campus on Thursday, the search giant detailed the ways the operating system protects against malicious files, viruses, malware, and other threats.
Google’s unifying its security efforts under a new brand — Google Play Security — going forward.
Find My Device, a redesigned and upgraded version of Google’s Android Device Manager, is a part of it. It tracks phones, tablets, and Android Wear devices associated with your Google account and shows stats like battery capacity, Wi-Fi status, and last known location.
Google’s other changes affect the core of Android’s operating system. “Verify Apps,” which scans apps installed from the web and third-party app stores, is enabled by default in Android O.
Android O also packs rollback protection — supported devices won’t boot older, potentially compromised operating systems. And encryption, which has seen a significant uptick in adoption — from 25 percent of devices on Android Marshmallow to 80 percent of devices on Android Nougat, Google said — has been improved.
Google’s implemented “tamper-resistant” hardware with Android O — similar to the chip embedded in credit cards, Android devices support hardware-based security. And Google’s revamped permissions, the systems which allow you to allow or deny apps access to your device’s sensors or personal data.
In Android O, permissions are less abusable by harmful apps. Ransomware apps can no longer obscure the phone’s lock screen or status bay, for example, and cannot use the admin permission to prevent deletion or to change your password.
Project Treble, a framework that makes it easier for hardware manufacturers to update devices quickly, isolates bugs from core parts of the operating system. Exploits are now more difficult for malicious apps to reach, Google said, and the Media Server — the software component of Android N that handles audio and video playback — has been split into individual components with “much tighter” control over permissions.
More than 20 percent of security bugs from the beginning of this year are no longer an issue, Google said.
Google has worked to improve overall app security, too. The Webview renderer, which apps use to put webpages in a readable format, is now isolated from other parts of the app. And Google brought Safe Browsing, the Chrome browser feature which uses machine learning to alert you of potentially harmful web content, to Web View.
Finally, Android O supports FIDO U2F security keys, the hardware-based fobs used to authenticate social media accounts and web logins.
The new security features build on Google’s efforts to harden Android against attackers. Google’s SafetyNet, which rolled out alongside Android Marshmallow last year, verifies that devices are what they claim to be. And Google is using machine learning and statistical analysis to pinpoint potentially harmful apps.
Google’s real-time, cloud-based security platform, consists of more than 20,000 processors, the company said and scans more than 50 billion devices every day.
