Evolution of Android Security Updates

Posted by Dave Kleidermacher, VP, Head of Security – Android, Chrome OS, Play [Cross-posted from the Android Developers Blog] At Google I/O 2018, in our What’s New in Android Security session, we shared a brief update on the Android security updates program. With the official release of Android 9 Pie, we wanted to share a … Devamını oku

A reminder about government-backed phishing

Posted by Shane Huntley, Threat Analysis Group TLDR: Government-backed phishing has been in the news lately. If you receive a warning in Gmail, be sure to take prompt action. Get two-factor authentication on your account. And consider enrolling in the Advanced Protection Program. One of the main threats to all email users (whatever service you … Devamını oku

Expanding our Vulnerability Reward Program to combat platform abuse

Posted by Eric Brown and Marc Henson, Trust & Safety Since 2010, Google’s Vulnerability Reward Programs have awarded more than $12 million dollars to researchers and created a thriving Google-focused security community. For the past two years, some of these rewards were for bug reports that were not strictly security vulnerabilities, but techniques that allow … Devamını oku

Google Public DNS turns 8.8.8.8 years old

Posted by Alexander Dupuy, Software Engineer Once upon a time, we launched Google Public DNS, which you might know by its iconic IP address, 8.8.8.8. (Sunday, August 12th, 2018, at 00:30 UTC marks eight years, eight months, eight days and eight hours since the announcement.) Though not as well-known as Google Search or Gmail, the … Devamını oku

Mitigating Spectre with Site Isolation in Chrome

Posted by Charlie Reis, Site Isolator Speculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers. A website could use such attacks to steal data or login information from other websites that are open in the browser. To better mitigate these attacks, we’re excited to announce that Chrome 67 has … Devamını oku

Compiler-based security mitigations in Android P

Posted by Ivan Lozano, Information Security Engineer [Cross-posted from the Android Developers Blog] Android’s switch to LLVM/Clang as the default platform compiler in Android 7.0 opened up more possibilities for improving our defense-in-depth security posture. In the past couple of releases, we’ve rolled out additional compiler-based mitigations to make bugs harder to exploit and prevent … Devamını oku

Better Biometrics in Android P

Posted by Vishwath Mohan, Security Engineer [Cross-posted from the Android Developers Blog] To keep users safe, most apps and devices have an authentication mechanism, or a way to prove that you’re you. These mechanisms fall into three categories: knowledge factors, possession factors, and biometric factors. Knowledge factors ask for something you know (like a PIN … Devamını oku