Placeholder Image

Subtitles section Play video

  • [MUSIC PLAYING]

  • DAVE KLEIDERMACHER: Hello, and welcome to the Android P

  • edition of what's new in Android security.

  • My name is Dave.

  • I lead mobile security here at Google.

  • And in a few minutes, I'll hand it over

  • to Xiaowen, who is the lead security product manager

  • for the Android platform.

  • We have a lot of ground to cover,

  • so we'll start with a brief state of the union on Android

  • security, and then jump into all the really cool things

  • we've been working on in Android security over the past year

  • and launching here at Android P, including secure hardware

  • support advancements, lock screen authentication,

  • integrity, and privacy.

  • So state of the union.

  • Let's talk a little bit about what the Android security

  • strategy looks like.

  • There are really three main pillars.

  • First, Google Play Protect.

  • This is the malware protection and mobile security services

  • that run on over 2 billion Android devices today.

  • The second pillar is platform engineering.

  • These are the core operating system defenses

  • that we build into Android to improve security to systems,

  • such as SELinux, control-flow integrity protection, which

  • we've been investing in a lot in P, and encryption,

  • verified boot, lots of other features.

  • The third pillar is the security development lifecycle.

  • These are all the programs that we put in place

  • to ensure a consistent, high-quality level for security

  • across the Android ecosystem.

  • So this includes things like testing infrastructures,

  • and also includes our security patching programs.

  • We've been working really hard on that.

  • A couple of things we are investing in,

  • we've been trying to make Android just easier to patch.

  • So Google, we have a pretty steady track record

  • for years now every single month delivering those patches

  • to the market.

  • But we want to make sure that all Android OEMs are delivering

  • patches regularly to their devices

  • as well, not just Google's devices.

  • And so making Android more modular like with projects

  • like Treble really help contribute to that.

  • We've also worked on building security patching into our OEM

  • agreements.

  • Now, this will really lead to a massive increase

  • in the number of devices and users

  • receiving regular security patches.

  • So we're really excited about that.

  • But there are a couple of also really important

  • philosophical principles that underlie everything

  • we do when it comes to security.

  • We believe in transparency and openness,

  • because that breeds confidence and it breeds trust.

  • Conversely, a closed platform, secrecy, that breeds distrust.

  • But actually, there's a really important security advantage

  • to be open.

  • Today's mobile devices are faced with really sophisticated

  • attack threats.

  • When you have billions of users, it's an attractive target.

  • And so it deserves the strongest possible defense.

  • With a closed platform, the defenders

  • are the employees of the one company that owns the platform.

  • But with Android, we have the thousands of Googlers

  • that wake up every morning thinking

  • about how best to protect users and our platforms.

  • We have the device manufacturers who have their own security

  • team to work closely with Google on protecting

  • Android and its users.

  • We have the microprocessor manufacturers--

  • Arm, Intel, Qualcomm, Broadcom, and others,

  • also with their security teams helping to protect Android.

  • We have the worldwide open-source Linux community

  • contributing to Android security every day.

  • We have the academic research community,

  • which simply prefer working on open platforms.

  • So this is a mass force multiplier in protection.

  • And as operating systems have matured, the power of open

  • has really become evident to the point

  • where today, the protective capabilities of Android

  • are now on par with any other mobile platform.

  • And I strongly believe that the power of open

  • will accelerate those protective capabilities

  • for our users going forward.

  • The other really important philosophy

  • that underlies our strategy is measurability.

  • We always look for objective independent measurements

  • to help not only inform the work that we

  • do to ensure we're investing in the right directions,

  • but also to measure progress.

  • And so one example you see here is the incidence

  • of malware or Potentially Harmful Applications

  • we call PHA on devices.

  • The bottom curve are devices that load only from Play,

  • and the top curve are devices that load

  • from sources other than Play.

  • And you can see over time, it's been reducing across all users.

  • So we are committed to protecting users,

  • regardless of where they get their applications from.

  • But this improvement is due to many things.

  • It's locking down APIs and permissions over time.

  • We're constantly looking at that.

  • And it's investing in the malware detection

  • engine itself.

  • Today, 60% of malware is detected

  • through machine learning.

  • And that's been one area of big investment for us.

  • Over the past year, we've had a 50% reduction in PHA on Play.

  • And so we're really happy with the progress,

  • but certainly, we're not content with where we stand today.

  • Although, I will say that the odds of loading a PHA from Play

  • is about the same as being struck by lightning.

  • So it is a safe place to live on your mobile life,

  • but we're going to continue to invest tremendously

  • in this area.

  • Another really important measurement

  • is the overall ability of the operating system

  • to protect itself against exploitation.

  • In any complex product, there are going to be bugs.

  • But there's no reason why bugs have to lead

  • to exploitation to harm users.

  • And so we work really hard on building

  • features and improvements that make

  • Android much more difficult and expensive to exploit.

  • So how do you measure how well you're doing?

  • Well, lots of people want to purchase exploits.

  • There's a vibrant market for that.

  • And as exploits get more difficult, of course,

  • the law of supply demand, the prices are going to go up.

  • And so we watch the pricing over time.

  • And there's a number of different markets

  • you can look at.

  • On the left-hand side, you see the device manufacturers

  • rewards programs.

  • So the green bars are Google's rewards programs,

  • which now are paying out the highest

  • rewards in the industry.

  • Another market you can look at are the elite hacking contests,

  • like Mobile Pwn2Own.

  • And you can see on the graph on the right,

  • the price of Android exploits has risen each year

  • to the point where now this is the most recent event

  • a few months ago.

  • The pricing for Android is on par with other platforms.

  • And if you haven't seen the results,

  • Android performed quite well in that event.

  • Another market is the gray market.

  • It's independent researchers and brokers

  • who will sell exploits to the highest bidder.

  • This market is a little bit harder to track,

  • but we have connections to a lot of researchers out there.

  • And again, anecdotally, what we're seeing

  • is the price of exploitation on Android

  • is now as high or higher than any other platform.

  • So this is really great.

  • We're happy with the progress, but we continue

  • to invest in all these areas.

  • And now let's switch gears and talk about some

  • of the new emerging features in Android P,

  • starting with the feature called Android Protected Confirmation.

  • So the problem here is in today's secure mobility,

  • we use mobile devices for much more than we ever did before,

  • much more critical things.

  • But there's still a ceiling of trust

  • that we haven't quite broken through.

  • We don't vote for prime minister or president from our phones.

  • We don't program life-critical medical devices like an insulin

  • pump from our phones.

  • We don't have our passports built into our phones.

  • It is our goal to break through that ceiling,

  • and Android Protected Confirmation

  • is a bold step in that direction.