If you use an Android phone or tablet, there are a lot of benefits that come from Android’s open nature--customization and choice are the most obvious. But an often overlooked benefit of openness is security: by developing in the open, anyone can check Android’s code to verify that it’s trustworthy or discover areas where it can be improved. Furthermore, the security community can even write code to make Android stronger and protect it against unrealized attacks.
Google has always worked closely with the security industry to make the products you use safer and more secure, and we wanted to highlight a few recent examples of that cooperation on Android:
- Android, now part of the Google Patch Reward Program: That’s right, Google actually pays developers when they contribute security-related patches to popular open source projects, and Android is now a part of this program. As a user, this means that you have the broader security community looking out for you and preventing possible threats, before they are acted upon.
- Security improvements in Android 4.4, from the community: In Android 4.4, we reinforced the Android sandbox (which prevents applications from extending outside of their own area and damaging other parts of a device) by putting SELinux into enforcing mode, providing one of the strongest security systems available. The core of SELinux, as well as many of the Android specific extensions have been contributed by third-parties through open source, an example of real security improvements from the community you can use today.
- Pwn2Own Mobile, with Android: Android was a contributor to the bounty in this year’s PacSec Security conference, where teams of security researchers tried to exploit popular mobile devices. And while no exploit was found in Android on the Nexus devices provided, we were ready and waiting to create a patch in the event of an exploit!
Posted by Adrian Ludwig, Android Security Engineer
Hiç yorum yok :