Android Security: How Google Scans Billions Of Apps To Keep Malware At Bay
When Adrian Ludwig, director of Android Security, joined Google, he had no clue on the daunting task ahead of him. Scanning 6 billion apps and another 750 million Android devices on a daily basis for malware seemed overwhelming.
At the recent RSA Conference, Ludwig talked about his focus on making the ecosystem safe by keeping one device secure and then keeping all others secure.
With more than 5,000 different variations of Android devices and an exponentially growing and complex ecosystem, it's easier said than done.
"It's stunning to me what the ecosystem has done and how we've gone about building it," he said. "And the more I think about scale, the more overwhelming it gets."
How Does Android Security Function So Well?
When it comes to app security, isolation, data protection, or maintaining the integrity of the operating system, the mobile industry will often rely on encryption, one of the key reasons for Android OS success.
Encryption was added to Android Lollipop in 2014, but only 1 percent of the user population enjoyed the benefits.
Now, more than 80 percent of Android Nougat users make use of encryption. Google delivered security to billions of users by making it usable first before offering it by default.
Google had the foresight that the Android platform would someday become huge and powerful. Without security services, the platform would have been tough to manage.
Android has gone on to add many device security and location features such as Verify Apps, Android Device Manager, and Sensor Network.
Flagging Problematic Apps And Developers
Another new weapon for Ludwig and his Android Security team is the ability to identify problematic apps and developers before they arise to become problems to users. The team achieves this by looking into different aspects of the business, customer feedback, application behavior, and software code.
Through machine intelligence, the information is then compared with the identified problematic apps. If a high probability of issues is identified, the apps and developers are then red flagged.
Google is working on other aspects of security. The company has improved the time taken for testing security patches before deploying them to users.
Ludwig also highlighted the millions of dollars invested in delivering security updates faster. On top of that, Google also continues to support the Android Security Rewards program, which has paid more than $1 million to hundreds of freelance security researchers.
Other measures also include the introduction of new testing tools into the Android app ecosystem.