Skip to main content

With improved encryption, Android O is the most secure version of Android yet

The new version of Android O puts security first and foremost. At an I/O developer session on Google’s California campus on Thursday, the search giant detailed the ways the operating system protects against malicious files, viruses, malware, and other threats.

Google’s unifying its security efforts under a new brand — Google Play Security — going forward.

Recommended Videos

Find My Device, a redesigned and upgraded version of Google’s Android Device Manager, is a part of it. It tracks phones, tablets, and Android Wear devices associated with your Google account and shows stats like battery capacity, Wi-Fi status, and last known location.

Google’s other changes affect the core of Android’s operating system. “Verify Apps,” which scans apps installed from the web and third-party app stores, is enabled by default in Android O.

Image used with permission by copyright holder

Android O also packs rollback protection — supported devices won’t boot older, potentially compromised operating systems. And encryption, which has seen a significant uptick in adoption — from 25 percent of devices on Android Marshmallow to 80 percent of devices on Android Nougat, Google said — has been improved.

Google’s implemented “tamper-resistant” hardware with Android O — similar to the chip embedded in credit cards, Android devices support hardware-based security. And Google’s revamped permissions, the systems which allow you to allow or deny apps access to your device’s sensors or personal data.

In Android O, permissions are less abusable by harmful apps. Ransomware apps can no longer obscure the phone’s lock screen or status bay, for example, and cannot use the admin permission to prevent deletion or to change your password.

Project Treble, a framework that makes it easier for hardware manufacturers to update devices quickly, isolates bugs from core parts of the operating system. Exploits are now more difficult for malicious apps to reach, Google said, and the Media Server — the software component of Android N that handles audio and video playback — has been split into individual components with “much tighter” control over permissions.

Image used with permission by copyright holder

More than 20 percent of security bugs from the beginning of this year are no longer an issue, Google said.

Google has worked to improve overall app security, too. The Webview renderer, which apps use to put webpages in a readable format, is now isolated from other parts of the app. And Google brought Safe Browsing, the Chrome browser feature which uses machine learning to alert you of potentially harmful web content, to Web View.

Finally, Android O supports FIDO U2F security keys, the hardware-based fobs used to authenticate social media accounts and web logins.

The new security features build on Google’s efforts to harden Android against attackers. Google’s SafetyNet, which rolled out alongside Android Marshmallow last year, verifies that devices are what they claim to be. And Google is using machine learning and statistical analysis to pinpoint potentially harmful apps.

Google’s real-time, cloud-based security platform, consists of more than 20,000 processors, the company said and scans more than 50 billion devices every day.

Kyle Wiggers
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Android phones get new security feature that iPhone owners already have
The Google Pixel 9a on a table showing the screen.

Google is taking a page out of Apple's playbook by launching a new security feature that makes Android phones automatically restart after a few days of inactivity.

The new auto-restart feature (or auto-reboot, if you want to call it that) was patched into the latest Google Play services update, which was released on Monday. The release notes say that the update forces your Google Pixel 9, Samsung Galaxy S25, or other Android phone to restart itself "if locked for [three] consecutive days," which means you need to enter your PIN code if you want to unlock it after not using it for that period of time. It resembles the Inactivity Reboot feature on iOS 18.1, only iPhones would restart themselves after four days.

Read more
Apple just patched a security flaw left users open to phishing attacks
A person holding the Apple iPhone 16 Pro Max.

Apple just shared news that a new security update is available that patches a critical vulnerability in the Apple Password App. If you haven't yet updated your phone to the latest version of iOS, now's a good time — it will prevent you from falling victim to previously unknown security flaws.

The security flaw allowed bad actors to access stored usernames and passwords. The Apple Password App makes it easy to quickly log in to a website using stored credentials, but it should only work over a secured network; in other words, the URL should begin with "HTTPS." Security researchers first discovered the problem when more than 130 insecure websites (those that only used HTTP) had connected with the Password App.

Read more
Google quietly fixed USB flaw that left over a billion Android devices exposed
Official Android mascot and splash screen on a phone.

In the first week of February, Google published its usual Android Security Bulletin, detailing security flaws that have been plugged to strengthen the platform safety. These flaws are usually declared once they have been fixed, except in special circumstances.

February is one of those rare situations for a kernel-level, high-severity flaw that was still being actively exploited at the time of the bulletin’s release. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation,” says the release note.

Read more