For many years Android security and privacy teams fought the world’s most popular mobile operating system to make it more managed and upgradable, yet open source and easy to deploy. And while scams, malware, and rogue apps are still a real threat, Android 13’s debut in Google I/O Developers Conference the environment is less like sort mode and more like logical iteration. As Charmaine D’Silva, director of product management for Android, says, “This is the release where we put it all together.”
If anything, the big challenge for Android security and privacy right now is getting users, device makers, and developers to understand and motivate them to use the many new and recently released security features. And after so many privacy and security initiatives have been launched over the past few years, the Android team has a huge number of tasks to support and try to fix at any given time.
“We will continue to go deeper and it will be an ongoing investment, but the problem as you go deeper is that you end up fragmenting the experience, you end up inadvertently misleading users,” says Krish Vitaldevara, Sr. Director of Android Product Management. . “This is a very complex issue, and that is what we are going to solve with Android 13.”
Google Play Protect now scans about 125 billion apps a day on user devices to evaluate their behavior and try to identify security issues. And Google says its Messages app is now blocking 1.5 million spam messages a month in an attempt to reduce the number of phishing and other scams that actually reach users. And after finally introducing end-to-end encryption in messages for one-on-one text messages with the long-awaited RCS messaging standard last year, Google says it will add end-to-end encryption later this year in beta for group chats. also.
“We feel joy and hope at the same time,” says Jan Jedrzewicz, Messages product manager, to WIRED. “Excited because bringing out of the box and encrypted by default group text messages on Android is a huge upgrade for a lot of people around the world. It’s encouraging because cross-platform messaging still uses SMS/MMS and we really hope we can upgrade to a more modern and encrypted protocol.”
Android 13 overlay more restrictions and user controls for permissions given to apps and what data they can access when. For example, the operating system gives developers the ability to easily integrate Google’s “Photo Picker”, which allows users to select specific photos and videos to share with the app via a picker, rather than giving the app any access to their full photo library. . Google is increasingly relying on system access. Android already has to provide certain data to apps, turning Android into a bartender who mixes drinks rather than a cashier at a liquor store. Similarly, Android 13 now requires apps to request permission to access audio files, image files, and video files separately as part of an effort to limit access to different storage segments.
Android has already restricted apps from accessing the clipboard and notifying users when an app has taken something from it. But Android 13 adds another level by automatically deleting whatever is on your clipboard after a short amount of time. That way, apps won’t be able to detect old stuff you’ve copied over, and on top of that, you’re less likely to, say, inadvertently share a detailed list of reasons your colleague hates your company with your boss. Android 13 also continues the process of reducing the ability of apps to require location sharing for things like turning on Wi-Fi.
Android 13 requires new apps to ask for permission before they can send you notifications. And the new release expands on Android 11’s feature that automatically resets app permissions if you haven’t used it for a long time. Since its debut, Google has extended the feature to devices running Android 6, and the operating system now automatically resets over 5 billion permissions, according to the company. So a game you no longer play that had permission to access your microphone three years ago still can’t listen. And Android 13 makes it easier for app developers to proactively remove permissions if they don’t want to keep access longer than they absolutely need to.
Ensuring that Android devices around the world can receive security updates has been a major hurdle for Google, as Android’s open source spirit allows any manufacturer to deploy their own version of the operating system. To remedy the situation, the company has invested for years in a platform called Google System Updates, which breaks down the operating system into components and allows phone makers to directly push updates to various modules via Google Play. There are currently over 30 of these components, and Android 13 adds components for Bluetooth and ultra-wideband, the short-range radio technology used for things like radar.
Google is working to mitigate common vulnerabilities that can show up in software by rewriting some important parts of the Android codebase in safer programming languages like Rust and creating default settings that push developers towards a more secure direction for their own apps. The company has also been working to make its app programming interfaces more secure and has begun offering a new service called the Google Play SDK Index, which provides some transparency into commonly used software development kits so that developers can be more informed before enabling these third-party modules in their products. their applications.
Looks like Apple Privacy Labels for iOSAndroid recently added a “data security” field to Google Play to provide users with some nutritional information about how apps say they will handle your data. In practice, however, these types of disclosures are not always reliable, which is why Google offers developers the option of having their claims independently verified by a third party against the established mobile security standard. However, this process is still voluntary.
“We provide developers with all these tools to make their apps more secure, but it’s important that they can actually prove it and verify it with an independent third party, a set of labs that test an established standard,” says Eugene Liederman, director of Android. Security strategy.
Both Android and Apple’s iOS have been moving towards offering the ability to store government-issued IDs. With Android 13, Google Wallet can now store such digital IDs and driver’s licenses, and Google says it’s working with both individual states in the US and governments around the world to add support this year.
With so many things to focus on and improve on, Android 13 is trying to take an overgrown situation and curb it rather than let it spiral out of control. And Android’s D’Silva says there’s one release later this year that she’s particularly looking forward to: a sort of security center in settings that will centralize privacy and security options in one place for users. Perhaps this is a recognition that the average user is no longer able to keep track of all this on their own.
Credit: www.wired.com /