Open-sourcing Sandboxed API
Posted by Christian Blichmann & Robert Swiecki, ISE Sandboxing teamMany software projects process data which is externally generated, and thus potentially untrusted. For example, this could be the conversion of user-provided picture files into different formats, or even executing...
Disclosing vulnerabilities to protect users across platforms
Posted by Clement Lecigne, Threat Analysis GroupOn Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together.To remediate the Chrome vulnerability (CVE-2019-5786),...
Android Security Improvement update: Helping developers harden their apps, one thwarted vulnerability at a time
Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy TeamHelping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive. This is why we launched the Application Security Improvement Program five...
Google Play Protect in 2018: New updates to keep Android users secure
Posted by Rahul Mishra and Tom Watkins, Android Security & Privacy Team In 2018, Google Play Protect made Android devices running Google Play some of the most secure smartphones available, scanning over 50 billion apps everyday...
How we fought bad apps and malicious developers in 2018
Posted by Andrew Ahn, Product Manager, Google PlayGoogle Play is committed to providing a secure and safe platform for billions of Android users on their journey discovering and experiencing the apps they love and enjoy. To deliver against this...
Open sourcing ClusterFuzz
Posted by Abhishek Arya, Oliver Chang, Max Moroz, Martin Barbella and Jonathan Metzman (ClusterFuzz team)Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding...
Introducing Adiantum: Encryption for the Next Billion Users
Posted by Paul Crowley and Eric Biggers, Android Security & Privacy TeamStorage encryption protects your data if your phone falls into someone else's hands. Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices...
Protect your accounts from data breaches with Password Checkup
Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Security and Anti-abuse researchGoogle helps keep your account safe from hijacking with a defense in depth strategy that spans prevention, detection, and mitigation. As part of this, we regularly reset...
PHA Family Highlights: Zen and its cousins
Posted Lukasz Siewierski, Android Security & Privacy Team Google Play Protect detects Potentially Harmful Applications (PHAs) which Google Play Protect defines as any mobile app that poses a potential security risk to users or to user data—commonly referred to...
Google Public DNS now supports DNS-over-TLS
Posted by Marshall Vale, Product Manager and Puneet Sood, Software EngineerGoogle Public DNS is the world’s largest public Domain Name Service (DNS) recursive resolver, allowing anyone to convert Internet domain names like www.example.com into Internet addresses needed by an...
Android Pie à la mode: Security & Privacy
Posted by Vikrant Nanda and René Mayrhofer, Android Security & Privacy TeamThere is no better time to talk about Android dessert releases than the holidays because who doesn't love dessert? And what is one of our favorite desserts during...
New Keystore features keep your slice of Android Pie a little safer
Posted by Brian Claire Young and Shawn Willden, Android Security; and Frank Salim, Google Pay New Android Pie Keystore FeaturesThe Android Keystore provides application developers with a set of cryptographic tools that are designed to secure their users' data....
Tackling ads abuse in apps and SDKs
Posted by Dave Kleidermacher, VP, Head of Security & Privacy - Android & PlayProviding users with safe and secure experiences, while helping developers build and grow quality app businesses, is our top priority at Google Play. And we’re constantly...
ASPIRE to keep protecting billions of Android users
Posted by Billy Lau and René Mayrhofer, Android Security & Privacy TeamCustomization is one of Android's greatest strengths. Android's open source nature has enabled thousands of device types that cover a variety of use cases. In addition to adding...
Announcing the Google Security and Privacy Research Awards
Posted by Elie Bursztein and Oxana Comanescu, Google Security and Privacy GroupWe believe that cutting-edge research plays a key role in advancing the security and privacy of users across the Internet. While we do significant in-house research and engineering...
6 Ways Mature DevOps Teams Are Killing It in Security
New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled
Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…
Old Tech Spills Digital Dirt on Past Owners
Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.
The Case of the Missing Data
The latest twist in the Equifax breach has serious implications for organizations.
Industrial Cybersecurity Firm Nozomi Launches Research Department
Industrial cybersecurity solutions provider Nozomi Networks on Tuesday announced the formal launch of the company’s research department, Nozomi Networks Labs.
read more
