It’s a given that most of our phones have either lousy security or great security; the chances of downloading a malicious code from Play store or others is quite high or so it used to be until recently. At the recent Google I/O 2018 one of the topics of discussion was the issue of security and although the common perception was that Apple was the one holding the torch where android security was concerned, it seems that according to Dave Kleidermacher, Google's lead for mobile security –the security where android P was concerned is on par with any other platform out there. This required taking a closer look at what he was talking about, but before that David pointed out how the issue of dangerous installation has dropped all the way down and underscored the fact that Google had a pivotal role to play in the same.
Kleidermacher further pointed out that Google had invested a lot of time and effort to not just beef up its android’s security but has honed it further to the point of detecting malicious codes even in third party apps. Needless to say, Google’s play store is a lot safer ever since Google locked down the permissions in both API and OP, and showed that Google play store no longer hosts malicious apps and as for third party apps, they are detected and eliminated on time.
Kleidermacher further elaborated that with android p user should be able to use their android for various uses that we have hitherto remained out of the domain of androids – in other words, Google is looking to break the glass ceiling.
Android protected confirmation
Kleidermacher then moved on to discuss about android protection confirmation and how this dovetails neatly with the trusted execution environment (TEE); with the TEE, confirmation screens are sequestered and sent to the users to confirm if they want to carry out a particular action. And only on confirmation does this take place. This is primarily done to protect the working environment and especially the operating system and the user. The input is then held in the TEE and so this would be immune to attacks from malware and other forms of malicious attacks. This form of protection is indeed being implemented mostly by banks to protect their customers account from unauthorized access and online theft. In fact, if you were to login to your bank’s account you should get a notification on your android regarding the same? Similarly, if you used your card for an online purchase, then your bank will require an OTP from you to help validate the transaction. That’s just one example of TEE; but as an android’s applications get more diverse with some health apps posing a risk if they were misused – Google seems to think that the time has indeed come for us to trust our androids with more sensitive tasks than before and the TTE usage is but an indication of the same.
One of the issues that most users may run into is the fact that these protected confirmations require the TEE to make it fully functional and as it is, this will require specific hardware such as a dedicated protected confirmations API; with specific hardware in place you should able to execute the TEE effectively.
Digital security and privacy
With Google firmly making it clear that it does indeed take the issue of both privacy and security very seriously and given the Cambridge analytical outbreak, it has indeed become necessary to up the ante with its android –P. With this android, it has become necessary to include a lockdown feature that locks down your phone completely and will not open until you enter the right pin. This is mainly done to provide you with both enhance privacy and security. Furthermore, Android P will contain the TLS feature as well as the DNS built in so that the end user does not have much of an issue with the same. With the current I/O Google has indeed made it crystal clear to one and all that it does take the issue of security and privacy seriously.