Combating Potentially Harmful Applications with Machine Learning at Google: Datasets and Models
Posted by Mo Yu, Android Security & Privacy TeamIn a previous blog post, we talked about using machine learning to combat Potentially Harmful Applications (PHAs). This blog post covers how Google uses machine learning techniques to detect and classify...
Introducing the Android Ecosystem Security Transparency Report
Posted by Jason Woloz and Eugene Liderman, Android Security & Privacy TeamAs shared during the What's new in Android security session at Google I/O 2018, transparency and openness are important parts of Android's ethos. We regularly blog about new...
A New Chapter for OSS-Fuzz
Posted by Matt Ruhstaller, TPM and Oliver Chang, Software Engineer, Google Security TeamOpen Source Software (OSS) is extremely important to Google, and we rely on OSS in a variety of customer-facing and internal projects. We also understand the difficulty...
Announcing some security treats to protect you from attackers’ tricks
Posted by Jonathan Skelker, Product ManagerIt’s Halloween 🎃 and the last day of Cybersecurity Awareness Month 🔐, so we’re celebrating these occasions with security improvements across your account journey: before you sign in, as soon as you’ve entered your...
Introducing reCAPTCHA v3: the new way to stop bots
Posted by Wei Liu, Google Product ManagerToday, we’re excited to introduce reCAPTCHA v3, our newest API that helps you detect abusive traffic on your website without user interaction. Instead of showing a CAPTCHA challenge, reCAPTCHA v3 returns a score...
Google tackles new ad fraud scheme
Posted by Per Bjorke, Product Manager, Ad Traffic QualityFighting invalid traffic is essential for the long-term sustainability of the digital advertising ecosystem. We have an extensive internal system to filter out invalid traffic – from simple filters to large-scale...
Android Protected Confirmation: Taking transaction security to the next level
Posted by Janis Danisevskis, Information Security Engineer, Android SecurityIn Android Pie, we introduced Android Protected Confirmation, the first major mobile OS API that leverages a hardware protected user interface (Trusted UI) to perform critical transactions completely outside the main...
Building a Titan: Better security through a tiny chip
Posted by Nagendra Modadugu and Bill Richardson, Google Device Security GroupAt the Made by Google event last week, we talked about the combination of AI + Software + Hardware to help organize your information. To better protect that information...
Modernizing Transport Security
Posted by David Benjamin, Chrome networkingTLS (Transport Layer Security) is the protocol which secures HTTPS. It has a long history stretching back to the nearly twenty-year-old TLS 1.0 and its even older predecessor, SSL. Over that time, we have...
Google and Android have your back by protecting your backups
Posted by Troy Kensinger, Technical Program Manager, Android Security and PrivacyAndroid is all about choice. As such, Android strives to provide users many options to protect their data. By combining Android’s Backup Service and Google Cloud’s Titan Technology, Android...
Control Flow Integrity in the Android kernel
Posted by Sami Tolvanen, Staff Software Engineer, Android SecurityAndroid's security model is enforced by the Linux kernel, which makes it a tempting target for attackers. We have put a lot of effort into hardening the kernel in previous Android...
Trustworthy Chrome Extensions, by Default
Posted by James Wagner, Chrome Extensions Product Manager Incredibly, it’s been nearly a decade since we launched the Chrome extensions system. Thanks to the hard work and innovation of our developer community, there are now more than 180,000...
Android and Google Play Security Rewards Programs surpass $3M in payouts
Posted by Jason Woloz and Mayank Jain, Android Security & Privacy TeamOur Android and Play security reward programs help us work with top researchers from around the world to improve Android ecosystem security every day. Thank you to...
Introducing the Tink cryptographic software library
Posted by Thai Duong, Information Security Engineer, on behalf of Tink teamAt Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires...
Evolution of Android Security Updates
Posted by Dave Kleidermacher, VP, Head of Security - Android, Chrome OS, PlayAt Google I/O 2018, in our What's New in Android Security session, we shared a brief update on the Android security updates program. With the official release...
Instagram flaw exposes user passwords
A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users.
The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...
Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week
Safer browsing, more bitcoin scams, and the rest of the week's top security news.
SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more
Plus, why is Kaspersky Lab getting into chess? Roundup What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
Is retaining a cybersecurity attorney a good idea for your business?
Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.
Machine Learning Can Create Fake ‘Master Key’ Fingerprints
Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.
