Android and Google Play Security Rewards Programs surpass $3M in payouts
Posted by Jason Woloz and Mayank Jain, Android Security & Privacy TeamOur Android and Play security reward programs help us work with top researchers from around the world to improve Android ecosystem security every day. Thank you to...
Introducing the Tink cryptographic software library
Posted by Thai Duong, Information Security Engineer, on behalf of Tink teamAt Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires...
Evolution of Android Security Updates
Posted by Dave Kleidermacher, VP, Head of Security - Android, Chrome OS, PlayAt Google I/O 2018, in our What's New in Android Security session, we shared a brief update on the Android security updates program. With the official release...
A reminder about government-backed phishing
Posted by Shane Huntley, Threat Analysis GroupTLDR: Government-backed phishing has been in the news lately. If you receive a warning in Gmail, be sure to take prompt action. Get two-factor authentication on your account. And consider enrolling in the...
Expanding our Vulnerability Reward Program to combat platform abuse
Posted by Eric Brown and Marc Henson, Trust & SafetySince 2010, Google’s Vulnerability Reward Programs have awarded more than $12 million dollars to researchers and created a thriving Google-focused security community. For the past two years, some of these...
Google Public DNS turns 8.8.8.8 years old
Posted by Alexander Dupuy, Software EngineerOnce upon a time, we launched Google Public DNS, which you might know by its iconic IP address, 8.8.8.8. (Sunday, August 12th, 2018, at 00:30 UTC marks eight years, eight months, eight days and...
Mitigating Spectre with Site Isolation in Chrome
Posted by Charlie Reis, Site IsolatorSpeculative execution side-channel attacks like Spectre are a newly discovered security risk for web browsers. A website could use such attacks to steal data or login information from other websites that are open in...
Compiler-based security mitigations in Android P
Posted by Ivan Lozano, Information Security Engineer Android's switch to LLVM/Clang as the default platform compiler in Android 7.0 opened up more possibilities for improving our defense-in-depth security posture. In the past couple of releases, we've rolled out additional...
Better Biometrics in Android P
Posted by Vishwath Mohan, Security EngineerTo keep users safe, most apps and devices have an authentication mechanism, or a way to prove that you're you. These mechanisms fall into three categories: knowledge factors, possession factors, and biometric factors. Knowledge...
End-to-end encryption for push messaging, simplified
Posted by Giles Hogben, Privacy Engineer and Milinda Perera, Software Engineer Developers already use HTTPS to communicate with Firebase Cloud Messaging (FCM). The channel between FCM server endpoint and the device is encrypted with SSL over TCP. However,...
Insider attack resistance
Posted by Shawn Willden, Staff Software EngineerOur smart devices, such as mobile phones and tablets, contain a wealth of personal information that needs to be kept safe. Google is constantly trying to find new and better ways to protect...
Keeping 2 billion Android devices safe with machine learning
Posted by Sai Deep Tetali, Software Engineer, Google Play ProtectAt Google I/O 2017, we introduced Google Play Protect, our comprehensive set of security services for Android. While the name is new, the smarts powering Play Protect have protected Android...
Google CTF 2018 is here
Posted by Jan Keller, Security TPMGoogle CTF 2017 was a big success! We had over 5,000 players, nearly 2,000 teams captured flags, we paid $31,1337.00, and most importantly: you had fun playing and we had fun hosting!Congratulations (for the...
Leveraging AI to protect our users and the web
Posted by Elie Bursztein, Anti-Abuse Research Lead - Ian Goodfellow, Adversarial Machine Learning Research LeadRecent advances in AI are transforming how we combat fraud and abuse and implement new security protections. These advances are critical to meeting our users’...
DNS over TLS support in Android P Developer Preview
Posted by Erik Kline, Android software engineer, and Ben Schwartz, Jigsaw software engineerThe first step of almost every connection on the internet is a DNS query. A client, such as a smartphone, typically uses a DNS server provided by...
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
