Adrian Ludwig Talks About Improving Android Security

Google Logo Stone Wall

Android has had a rather dark past regarding its reputation with security. Malware was supposedly spreading like wild-fire on phones, and privacy was virtually non-existent. Naturally, a ginormous company like Google wasn’t going to let allegations like this just slide. They made it clear back in 2014, to push for improved security and privacy on their devices, and to eradicate any illusion that Android was unsafe. Now Google’s lead security engineers of Android have talked about the status quo at the RSA conference in San Fransisco.

Google has an entire team, the ‘attack team’ devoted completely to reading through the source code and finding any faults or blemishes in it. It is within the API that any provocations for malware lie, but simultaneously it is within the API that all solutions lie as well. The technique of fuzzing is used to take an API, send it stuff and record the actions of it. Now this isn’t what the attack team is for – instead Google has massive data centres where an API is tested by millions and millions of constant scans that might hurt the source code. The attack team is simultaneously busy meticulously reading through all that source code.

With the help of advanced encryption and a sandbox, Android phones are generally safe to begin with. Nonetheless, about 40% of users still have a third-party security app, which according to Google isn’t a must. The security on your phone is embedded deeply within the source code and is specifically designed to be unnoticeable as not to hinder the daily experience of using your smartphone. Generally these apps only find malware that Android will have already picked up on – but it certainly won’t cause any harm.

According to Adrian Ludwig, the man who spearheads the security department for Android, malware or spyware isn’t so much the issue as plain and simple physical theft. “The percentage of people who lose their devices is like ten to twenty percent”. Alongside there’s the similar insider threat or the so called ‘person-to-person’ problem. Often users trust the wrong people with information or leave their device around the wrong person. For this reason, after having caught up drastically with malware and spyware issues, Android is now pushing features like Smart Lock with the new Android 5.0 Lollipop update. Furthermore, mobile security provider Good Technology has recently provided Android with another layer of hardware security ensuring that the container key cannot be cracked.

Another big worry was the lack of privacy with apps. Many users felt that besides malware, spyware was overly abundant with more and more apps requesting for permission to view all kinds of files on your phone. With no central authority within Android, it is understandable that these concerns arose, but they should quickly cripple when you consider that the Play Store alone runs over 200 million checks per day to scan their apps. Meanwhile Google has confirmed at the conference that less than 1% of devices have any kind of harmful app. Of course Google has always been all for public information, but the excessive accusations of apps tracking private data such as photos and SMS texts is actually a bit inaccurate. It is always up to the owner of the device, to acknowledge that they do indeed accept the app’s conditions and requirements of file access.

Google will keep striving to secure all their phones, but as it stands, they’re already far ahead of the general public’s perception. With billions of Android users, Google simply can’t afford a slacking security system, and they’ve taken the necessary actions to ensure that all their devices are far from unsafe. All that’s left now is less about improving security, but improving public perceptions about Android’s steadfast security.