Connect with us

Hi, what are you looking for?


Mobile & Wireless

Google Improves Android Security With New APIs

Google is improving Android security with new Safe Browsing real-time API, credential manager jetpack API, and new SDK API for developers.

At its Google I/O developer conference this week, Google shared details on the security improvements in Android 14, which include a series of APIs for safer online browsing, sign-ins, and malware protection.

In 2018, Google announced that Safe Browsing, the decade-and-a-half-old web protection against phishing, malware, and unwanted software, was enabled by default on Android, in WebView.

Now, the internet giant is introducing a new real-time API to warn users about fast-emerging malicious sites, some of which only exist for less than ten minutes in an effort to avoid block-lists.

“With the newest version of Safe Browsing, devices will do real-time blocklist checks for low reputation sites. […] With this real-time detection, we expect we’ll be able to block an additional 25% of phishing attempts every month in Chrome and Android,” Google says.

To provide Android users with an improved, safer sign-in process, Google has rolled out support for passkey log-ins to all major platforms, which is yet another step towards a long-advocated passwordless future.

Cryptographic private keys corresponding to public keys in Google’s possession, passkeys are considered the evolution of two-factor authentication (2FA), making the sign-in process simpler by completely skipping 2FA: to verify their identity, users simply need to unlock their phone.

Passkey sign-ins are already supported by a variety of online services, and Google is also helping developers incorporate passkeys in their applications, via a credential manager jetpack API that supports multiple sign-in methods on the same interface.

Advertisement. Scroll to continue reading.

Android 14 also brings a new API that allows developers to limit accessibility services from interacting with their applications, to ensure that only Google Play Protect-validated applications have access to their users’ data.

This should prevent sideloaded applications, which could sometimes be unwanted software or malware, from accessing sensitive data.

Android 14 also prevents applications targeting an SDK level lower than 23 from being installed, to improve malware protections. Malicious apps often attempt to circumvent security and privacy protections by targeting older SDK levels.

The new Android release also brings modified photo/video permissions to provide users with more granular control over the media that applications can access. A new API will allow applications to recognize screenshots without having to access the user’s photos.

Earlier this year, Google also announced expanded transparency around applications’ data collection practices, as well as improved user control over that data.

Related: Google Describes Privacy, Security Improvements in Android 14

Related: Google Now Lets US Users Search Dark Web for Their Gmail ID

Related: Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.