Skip to main content

Android security came a long way in 2016 but Google says there is more work

ransomware wannacry exploit attacking pc security padlock
Maksim Kabakou/Shutterstock.com
With hundreds of different Android devices out in the wild, running different versions of the operating system on different hardware, Google faces a massive challenge in distributing critical security updates. In the past, many users have had to wait up to three months before having their phones patched, not only due to the variation between Android products, but also the lack of urgency with which manufacturers pushed fixes out.

Google has been well aware of this problem, which is why it has made significant strides over the past several years, reducing that wait time to just a couple of days, according to TechCrunch. But there is still work to be done, as Adrian Ludwig and Mel Miller, members of Android’s Security Team, have noted in a year-in-review blog post.

Recommended Videos

More than 735 million devices from more than 200 manufacturers received security updates last year, according to Google. While that illustrates the company’s commitment to keeping users safe, the job is hardly complete. Ludwig and Miller also noted roughly half the Android products in use at the end of 2016 had not received an update in the preceding 12 months. Google claims its new A/B update system, designed to make over-the-air updates more reliable and prevent them from inadvertently bricking phones, will help encourage installation.

Please enable Javascript to view this content

The monthly security update initiative, set in motion after the Stagefright vulnerability was discovered in 2015, also saw expansion in 2016, the team reported. Those updates were released for devices running Android 4.4.4 and up, which comprises 86 percent of all active devices globally.

Ludwig and Miller also said they made strides in stamping out potentially harmful apps (PHAs) in the Google Play Store. Verify Apps, a system that checks users’ devices for PHAs, conducted 750 million daily tests last year, up from 450 million in 2015. As a result, installation of PHAs was reportedly reduced in the top 50 countries in which Android devices are used. Google estimated PHAs accounted for 0.05 percent of all apps on the Play Store last year, compared to 0.15 percent in the year prior.

Of course, Google Play isn’t the only place where users can get their apps, and that is one of the roadblocks Google encountered trying to make Android safer for everyone. The number of devices with a PHA installed — from any source, not just Google’s marketplace — actually rose to 0.71 percent from 0.5 percent.

Although many Android users have chosen Pixel and Nexus devices to receive updates straight from Google automatically, the security team attributed much of its progress to enhancements offered by the release of Android 7.0 Nougat. Chiefly, the introduction of file-based encryption and protections against media-based attacks have bolstered security in the most recent Android phones, regardless of manufacturer.

Still, as much as the Android Security Team has accomplished alongside partners and carriers, it still helps to have friends in the research community. Google said its Vulnerability Rewards Program paid out nearly $1 million to researchers in 2016 for their contributions — some of which were set to rave music.

Adam Ismail
Former Digital Trends Contributor
Adam’s obsession with tech began at a young age, with a Sega Dreamcast – and he’s been hooked ever since. Previously…
The Google Home app is getting a long-overdue feature
The Google Home logo on a Pixel phone.

According to the sleuths over at Android Authority, the Google Home app is about to get a much-needed feature that I'm honestly shocked hasn't been added yet: a search bar.

If you've never used the Google Home app before, it's sort of the command center for all things smart home in the Google smart home ecosystem. If you only have a few smart home devices, it's easy enough to navigate — but if you have an extensive smart home setup, you could have upwards of 50 devices listed in the app. If you don't take time to organize and label them, it gets unwieldy fast.

Read more
Google just launched these 5 new features for your Android phone
The display on the Google Pixel 9 Pro XL.

Google is bringing a handful of new features to Android phones, including tools to keep users safe during a natural disaster, enhancements to accessibility using AI, and easier music discovery. Simultaneously, the company has reached a critical milestone with Android 15, pushing it closer to its public release in the coming weeks.
Keeping users safe during earthquakes

Google says its remarkable earthquake alert system is now available to users across all American states and territories. It plans to reach the entire target base within the next few weeks. Google has been testing the system, which also relies on vibration readings collected from a phone’s accelerometer, since 2020.

Read more
Security experts just found a massive flaw with Google Pixel phones
A person holding the Google Pixel 8 Pro.

Google is patching a serious firmware-level vulnerability that has been present on millions of Pixel smartphones sold worldwide since 2017. “Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update,” the company told The Washington Post.

The issue at heart is an application package called Showcase.apk, which is an element of Android firmware that has access to multiple system privileges. Ordinarily, an average smartphone user can’t enable or directly interact with it, but iVerify’s research proved that a bad actor can exploit it to inflict some serious damage.

Read more