Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Google Improves Android Security With New APIs

Google is improving Android security with new Safe Browsing real-time API, credential manager jetpack API, and new SDK API for developers.

At its Google I/O developer conference this week, Google shared details on the security improvements in Android 14, which include a series of APIs for safer online browsing, sign-ins, and malware protection.

In 2018, Google announced that Safe Browsing, the decade-and-a-half-old web protection against phishing, malware, and unwanted software, was enabled by default on Android, in WebView.

Now, the internet giant is introducing a new real-time API to warn users about fast-emerging malicious sites, some of which only exist for less than ten minutes in an effort to avoid block-lists.

“With the newest version of Safe Browsing, devices will do real-time blocklist checks for low reputation sites. […] With this real-time detection, we expect we’ll be able to block an additional 25% of phishing attempts every month in Chrome and Android,” Google says.

To provide Android users with an improved, safer sign-in process, Google has rolled out support for passkey log-ins to all major platforms, which is yet another step towards a long-advocated passwordless future.

Cryptographic private keys corresponding to public keys in Google’s possession, passkeys are considered the evolution of two-factor authentication (2FA), making the sign-in process simpler by completely skipping 2FA: to verify their identity, users simply need to unlock their phone.

Passkey sign-ins are already supported by a variety of online services, and Google is also helping developers incorporate passkeys in their applications, via a credential manager jetpack API that supports multiple sign-in methods on the same interface.

Android 14 also brings a new API that allows developers to limit accessibility services from interacting with their applications, to ensure that only Google Play Protect-validated applications have access to their users’ data.

Advertisement. Scroll to continue reading.

This should prevent sideloaded applications, which could sometimes be unwanted software or malware, from accessing sensitive data.

Android 14 also prevents applications targeting an SDK level lower than 23 from being installed, to improve malware protections. Malicious apps often attempt to circumvent security and privacy protections by targeting older SDK levels.

The new Android release also brings modified photo/video permissions to provide users with more granular control over the media that applications can access. A new API will allow applications to recognize screenshots without having to access the user’s photos.

Earlier this year, Google also announced expanded transparency around applications’ data collection practices, as well as improved user control over that data.

Related: Google Describes Privacy, Security Improvements in Android 14

Related: Google Now Lets US Users Search Dark Web for Their Gmail ID

Related: Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Fraud & Identity Theft

A team of researchers has demonstrated a new attack method that affects iPhone owners who use Apple Pay and Visa payment cards. The vulnerabilities...

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.