Google enhances Android app security

Google continues to improve its developer tools so they can build secure applications for Android. With the Google Play App Security Improvement Program, developers are able to see security tips and identify potential security enhancements when the applications are uploaded to Google Play.

Topics: Android Security, Android News

Android Security Annual report details current state of Android ecosystem

Topics: Android M, Android Security

Take on Android Security with Mark Murphy

AnDevCon had a moment to talk with veteran speaker Mark Murphy, founder of CommonsWare and the author of "The Busy Coder’s Guide to Android Development," about Android secuirty (then and now) as well as how he became so well known in the Android community.

Topics: Android Security

Google’s key considerations for protecting user data in Marshmallow

Google wants to make sure developers are looking after their users’ data in their Android 6.0 Marshmallow apps. The company has provided some key best practices it believes developers should aim for when building their apps and keeping user trust in mind.

Topics: Android M, Android Security

Majority of Android vulnerabilities due to lack of security updates


Topics: Android Security

Android to get monthly security patches from Google, LG and Samsung

It looks like Google, LG and Samsung no longer have stage fright when it comes to releasing security patches. Following the revelation that there was a bug nestled in Android’s Stagefright media library that affected the majority of devices, the companies have announced they will release monthly security updates.

“With the recent security issues, we have been rethinking the approach to getting security updates to our devices in a more timely manner,” said Dong-Jin Koh, executive vice president and head of the mobile research and development office and mobile communications business at Samsung, in a statement. “Since software is constantly exploited in new ways, developing a fast response process to deliver security patches to our devices is critical to keep them protected. We believe that this new process will vastly improve the security of our devices and will aim to provide the best mobile experience possible for our users.”

(Related: All about the Stagefright vulnerability)

In the past, Google has provided Android manufacturers with monthly security notifications, but it is now turning to monthly device updates to ensure Android users’ safety. Starting this week, Google will provide Nexus devices regular OTA security updates in addition to its usual platform updates. The first update already rolled out yesterday to Nexus 4, 5, 6, 7, 10 and Nexus Player.

LG is also taking steps to ensure customer security. In an e-mail to Wired, the company wrote: “LG will be providing security updates on a monthly basis, which carriers will then be able to make available to customers immediately. We believe these important steps will demonstrate to LG customers that security is our highest priority.”

Topics: Android Security

Android vulnerability puts 95% of devices at risk, researcher says

Topics: Android Security

Google announces new bug bounty program for Android

Google is turning its security focus to Android with a newly announced security rewards program for researchers. Just last year the company gave out more than US$1.5 million to security researchers who found bugs in the company’s browser and products, but today the company is launching the Android Security Rewards program to point the effort toward its operating system.

“We’re launching Android Security Rewards to help reward the contributions of security researchers who invest their time and effort in helping us make Android more secure,” the company wrote on its website. “Through this program we provide monetary rewards and public recognition for vulnerabilities disclosed to the Android Security Team.”

(Related: Mozilla’s own bug bounty program)

The payouts will be based on bug severity and on reproductions code, test cases and patches. Currently, the payout for a moderate vulnerability is $500 and $2,000 for a critical vulnerability, but researchers could receive up to $8,000 depending on their security reports.

“The largest rewards are available to researchers that demonstrate how to work around Android’s platform security features, like ASLR, NX, and the sandboxing that is designed to prevent exploitation and protect users,” wrote Jon Larimer, Android security engineer, in a blog post.

To start, the security program will include Nexus 6 and Nexus 9 devices. In addition, the company noted that Android would continue to be a part of the Google Patch Reward Program.

“As we have often said, open security research is a key strength of the Android platform. The more security research that’s focused on Android, the stronger it will become,” Larimer wrote.

Topics: Android Security