Android P security improves authentication trust and data privacy

Android P security features, which were previewed at Google I/O, include notable improvements for data privacy and encryption and preventing malicious apps from spying on users. Mountain View, Calif. -- The newest Android P security enhancements make it clear that Google has been watching the news and has seen the various ways its mobile operating system has been compromised over the past year. In addition to the near constant reports of Android malware (regardless of how likely it is any of such malware makes it to users), the past year has brought spying tools that use a device's microphone and camera and a continued effort by the FBI and law enforcement to crack device encryption. Android P security includes mitigations for these issues with trusted identity verification as well as other features. Dave Kleidermacher, product security lead for Android, Google Play and Chrome OS, and Xiaowen Xin, product manager for security features in Android at Google, detailed the Android P security improvements at the company's I/O developer conference Thursday. Kleidermacher said there are "three pillars" to the Android Security Strategy -- Google Play Protect, platform engineering and the security development lifecycle (SDLC). Part of the SDLC is to push OEMs to release security patches more quickly, including adding security patch clauses to the Android OEM agreement. The efforts of Google Play Protect to reduce potentially harmful apps (PHAs) both in the Play Store and those installed from third-party sources has been a success, Kleidermacher said. "The odds of loading a PHA from Google Play is the same as getting struck by lightning."