What's new
  • Welcome to PHCorner forums. Take a moment to sign up and gain unlimited access and extra privileges that guests are not entitled to, such as: All that and more! Registration is quick, simple and absolutely free. Join our community today!

Tutorial How Google just quietly made your Android phone more secure

Status
Not open for further replies.

La Freak

Forum Expert
Joined
Jan 16, 2013
Messages
7,974
Reaction
13,061

By now, you've probably heard all about the changes introduced withYou do not have permission to view the full content of this post. Log in or register now. release. But those fresh features and bits of polish are only part of the story. One of Google's biggest changes to the Android platform is actually happening outside of the operating system -- and it's affecting almost every Android device in the world.

It's the widespread launch of a universal app-scanning system -- a system that watches your device for any new application, even one loaded directly onto the device ("sideloaded") from outside of the Google Play Store, and instantly checks the app for malicious or potentially harmful code.

That's huge. And while we've been busy focusing on new devices and fun features, Google's been busy making sure every Android user has that system on his phone -- whether he realizes it or not.

Google initially launched the feature, known as Verify Apps, with You do not have permission to view the full content of this post. Log in or register now.last November (Android VP of Engineering Hiroshi Lockheimer You do not have permission to view the full content of this post. Log in or register now. at the time). Now, Google has pulled the program out of the OS and made it automatically available to every device running Android 2.3 or higher. That covers almost every phone and tablet out there -- about 95 percent of the actively running products, according to Google's You do not have permission to view the full content of this post. Log in or register now..

How did that happen? Simple: Google made the code a part of Google Play Services, a standalone utility that's updated regularly behind-the-scenes by Google -- independent of any manufacturer or carrier rollouts. It's part of You do not have permission to view the full content of this post. Log in or register now. that we've been talking about for a while now.

The new system works alongside an automated scanning system that's You do not have permission to view the full content of this post. Log in or register now.. With the new device-level scanning added into the picture, that means every app you put on your phone -- whether from the Play Store or from an unofficial third-party source -- is now scanned, analyzed, and compared to a massive database of malicious code, all in a fraction of a second.

On the Play Store side, if something is flagged as problematic, it won't be published. On your device, if a red flag comes up -- even just for something as seemingly innocuous as an app that might send SMS messages on your behalf without your knowledge -- the system will warn you and recommend you avoid proceeding with the installation.

"We wanted to make sure those protections were available even for users who were choosing to install applications from a source other than Google Play," Android Security Engineer Adrian Ludwig tells me. "It's always been a focus for Android to make sure that we're supporting an open ecosystem and that it's possible for users to get applications that developers, for any number of reasons, aren't distributing through [the official Play Store channel]."

Just like in its original 4.2-based incarnation, the newly widespread Verify Apps feature is on by default but can be bypassed or disabled if you want. The system prompts you the first time you install something from outside of the Play Store and confirms that you want its protection; even if you opt in then, you can always disregard its advice and proceed with a flagged app installation down the road, if you're so inclined.

So in the big picture, what's this all mean? Simple: All those big, bad, scary Android malware stories we're constantly seeing are You do not have permission to view the full content of this post. Log in or register now. than ever. They've You do not have permission to view the full content of this post. Log in or register now.; all it takes is a little basic caution and common sense to avoid having your device devoured by an evil mobile genie. In the real world, the killer viruses that are so good for headlines actually affect next to no one. But now, even if you aren't careful -- even if you do carelessly download shady-looking stuff from out in the wild -- your phone will automatically protect you.

And there's the rub: That means the pay-to-play programs pushed by antivirus vendors -- the same companies that, coincidentally, are You do not have permission to view the full content of this post. Log in or register now. surrounding the big, bad Android malware of the moment -- are now completely redundant with the protection provided by the operating system itself. Not that that'll stop the vendors from trying to scare you into using their products.

Beyond the Verify Apps expansion, Android 4.3 itself includes a number of OS-level security enhancements. Perhaps most significant is the addition of a security feature called SELinux -- or You do not have permission to view the full content of this post. Log in or register now. -- which protects certain core aspects of the system's functionality.

There's also an apparently still-under-development feature known as App Ops that allows users to selectively disable permissions from installed applications. (Android, unlike other mobile operating systems, requires all apps to request specific permissions in order to gain access to any function of the device or area of user data -- and those permissions are always disclosed to the user prior to installation.) The function was You do not have permission to view the full content of this post. Log in or register now.and has yet to make its public debut.

All combined, there's less reason than ever to panic the next time the inevitable "OMG THE ANDROID MALWARE MONSTER IS COMING!!!" story comes along. And it will: If history's any indication, we'll probably see another such story and accompanying set of fear-inducing headlines within a matter of weeks.You do not have permission to view the full content of this post. Log in or register now.

But a little bit of knowledge goes a long way. Here in the real world, the monsters aren't nearly as scary as the storytellers make them out to be.
 
Status
Not open for further replies.

Online statistics

Members online
1,587
Guests online
2,167
Total visitors
3,754

Forum statistics

Threads
1,013,371
Messages
17,371,458
Members
1,486,191
Comments
683,628
Attachments
1,138,261
Profile posts
96,458
Top