Here's how Google made 95% of all Android devices more secure
Before we dive right into this one, lets have a quick recap. With Android's reach now closing in on a billion active devices worldwide, Android malware has been a bigger concern than ever.
With the latest so called “Master Key” exploit attracting widespread attention, Google had to act quick, and it really did. It issued a patch that took care of the vulnerability to its OEM partners, and patched the Play Store almost immediately. Problem solved, right? Not quite, as you probably thought. Despite Google's best intentions, OEMs are infamous for their slow update cycles, and there was no telling exactly when the critical mass of Android devices would be protected from a threat that was already spreading in the wild.
Fortunately for everybody involved, word has gotten out that Google has, in a brilliant move, bolstered the security of some 95% of devices out there, and here's how. Remember Bouncer? It's Google's watchdog overseeing the security of its proprietor's Play Store. Well, with Android 4.2, Google introduced some of the functionality of Bouncer and called it Verify Apps. The new service would watch for each and every app that you download regardless of its source – be it the original app store or a side-loaded app from a third-party store – and guard you against attacks.
The ramifications of this are huge, folks! By deconstructing Android in this way, Google will be able to skip the glacier-slow OEMs and be able to issue security updates largely on its own. With this, and the recently unearthed “Apps Ops” feature making its debut in Android 4.3, Google really seems to have stepped up its game in terms of security, and we're the happier for it.
source: ComputerWorld
With the latest so called “Master Key” exploit attracting widespread attention, Google had to act quick, and it really did. It issued a patch that took care of the vulnerability to its OEM partners, and patched the Play Store almost immediately. Problem solved, right? Not quite, as you probably thought. Despite Google's best intentions, OEMs are infamous for their slow update cycles, and there was no telling exactly when the critical mass of Android devices would be protected from a threat that was already spreading in the wild.
So where does that 95% figure come from? According to ComputerWorld, Google has made the Verify Apps service a part of the entire Google Play Services package (think Gmail, Maps and Youtube), and it is available for every single device running Android 2.3 Gingerbread and above. Or about 95% of all Android devices, according to Google's own stats.
"We wanted to make sure those protections were available even for users who were choosing to install applications from a source other than Google Play," Android Security Engineer Adrian Ludwig told ComputerWorld. "It's always been a focus for Android to make sure that we're supporting an open ecosystem and that it's possible for users to get applications that developers, for any number of reasons, aren't distributing through [the official Play Store channel]."
The ramifications of this are huge, folks! By deconstructing Android in this way, Google will be able to skip the glacier-slow OEMs and be able to issue security updates largely on its own. With this, and the recently unearthed “Apps Ops” feature making its debut in Android 4.3, Google really seems to have stepped up its game in terms of security, and we're the happier for it.
Things that are NOT allowed: