Keeping the more than 1.4 billion Android devices in use safe, secure, and stable isn’t something we take lightly. That’s why multiple layers of security including application sandboxing -- which keeps data and code from one app separate from other apps -- and data encryption are built into Android. In addition to our rigorous security features, we’re doing even more including performance and IT management, to improve the experience for businesses considering Android to mobilize their workforce.
Building upon the multiple security layers of Android
Android devices come with multiple layers of security features right out of the box that protect a device from the second you turn it on. With Android Nougat, the latest version of the operating system, we’re strengthening the core of security with new features such as Direct Boot (file-based encryption) and a strict Verify Boot process to protect against compromised devices. Verify Boot checks the integrity of the software for persistent rootkits and other nefarious security breaches.
And in Android 7.0 Nougat, we’ve strengthened this feature with Strictly Enforced Verified Boot. Any indication of software corruption means the device won’t boot up or will boot into a very limited usage mode to protect user data.
A great mobile experience in the workplace would not be complete without apps. In Android, we allow businesses to keep the apps specific to work in a separate sandbox on the device so that they can’t affect other apps, system data or even hardware without permission. We’ve also improved the permissions processes so users have more control over and are better informed about what access they’re granting to an application.
To show our commitment to secure Android devices, we offer a range of rewards up to $200,000 through our Project Zero Prize contest and Android Security Rewards Program to those who can demonstrate security vulnerabilities in the Android system. These initiatives enlist the help of third-party security groups and individuals to help us find and address any security challenges as quickly as possible.
Keeping apps secure in Google Play
Reducing the amount of malware that is installed is a key focus of our commitment to Android so that business devices, and the data they have access to, are safe and secure. Helping to ensure users get their apps from Google Play is a key security strategy.
Android apps in Google Play are signed by their developer, so users know they’re getting software from the developer they know and trust, and it can’t be changed by an unknown third-party.
In 2012, we introduced Verify Apps, a tool that scans apps for malware before they even get into the Google Play store. As a second layer of defense, it also continues to scan apps already in Google Play and installed on your Android device, notifying you of a potential malware threat or even removing the app, with your permission.
How much does this help? In our Android Security Year in Review 2015, we found that fewer than 0.5 percent of all Android devices installed a potentially harmful app (PHA). And a large percentage of those came from apps installed from outside the safety of the Google Play store: Only 0.15 percent of Android devices installed a PHA from Google Play. Additionally, our Verify Apps services scanned 400 million devices daily last year, helping to bolster security on a daily basis for many Android users using Google Play.
IT administrators can take advantage of Google Play’s security benefits both for public and internal applications by disallowing app installation from "unknown sources" to ensure every installed app has been scanned by Google Play for malware. Our research from the Android Security Year in Review 2015 report shows devices that allow apps from outside of Google Play are around 10 times more likely to have PHAs than those that only install from Google Play.
Offering monthly security updates to devices and our hardware partners
A year ago, we began providing monthly security updates directly to our Nexus devices and the Android Open Source Project (AOSP). Several of our hardware partners agreed to provide them as well. Device makers such as Samsung, LG, Sony and others offer these security updates on a recurring basis, and we expect additional partners to follow suit.
We’ve also made it easy for you to see what security patch level your device has at any time with a simple date indicator. Look for the Android security patch date in the About Phone section of Settings in Android. IT administrators can remotely see the patch level on managed devices.
Additionally, we aim to update Google Play Services roughly every six weeks across the majority of Android devices in use. This allows Google to regularly delivery new security features to these devices. Verify Apps and Safety Net are two of the Google Play Services features that are updated frequently with enhanced protections. The API addition of Smart Lock for Passwords is another recent example.
Along with Google Play Services and the monthly security updates we provide to the Android ecosystem, additional layers of security are offered through ongoing services and the Safe Browsing feature in Android.
Providing centralized device management controls for IT admins
Along with our monthly security updates and services that help keep devices safe, Android provides out of the box security and management features that are simple to use in businesses of any size. And those features apply to both corporate owned as well as employee’s personal devices for BYOD (bring your own device) scenarios.
As an admin you can manage either type of Android device through a powerful web-based console and improved, fast deployment methods that now include QR code scanning.
In the case of corporate owned devices, IT administrators can use the device owner (DO) management mode to enforce policies that restrict or protect work data, require stronger passwords or PINs, enforce device encryption (expanded to file-level encryption in Android 7) and more.
Improving platform stability for apps
As the Android platform has matured and improved, it has continued to become more stable, particularly when it comes to apps.
Data from the most recent quarterly study by Blancco Technology Group illustrates this as apps crashed on 50 percent of the iOS devices it tested between April and June in 2016. In the same time period, Android apps crashed 23 percent, or less than half the rate of iOS. Blancco Technology Group notes that this is the first time Android had proven more stable for apps since the company began reporting on such data.
Blancco’s information comes from diagnostic data of the millions of handsets in North America, Europe and Asia via its SmartChk platform used for device repairs and business intelligence.
The choice is yours
Android provides the opportunity for businesses and employees to choose the right device for their needs from dozens of hardware partners. You can manage those devices and protect your company’s information by using a platform built with security in mind and our recommended best practices. To learn more about incorporating Android in your business, or see how Android has already transformed businesses, check our work site for more information.