At its Google I/O developer conference this week, Google shared details on the security improvements in Android 14, which include a series of APIs for safer online browsing, sign-ins, and malware protection.
In 2018, Google announced that Safe Browsing, the decade-and-a-half-old web protection against phishing, malware, and unwanted software, was enabled by default on Android, in WebView.
Now, the internet giant is introducing a new real-time API to warn users about fast-emerging malicious sites, some of which only exist for less than ten minutes in an effort to avoid block-lists.
“With the newest version of Safe Browsing, devices will do real-time blocklist checks for low reputation sites. […] With this real-time detection, we expect we’ll be able to block an additional 25% of phishing attempts every month in Chrome and Android,” Google says.
To provide Android users with an improved, safer sign-in process, Google has rolled out support for passkey log-ins to all major platforms, which is yet another step towards a long-advocated passwordless future.
Cryptographic private keys corresponding to public keys in Google’s possession, passkeys are considered the evolution of two-factor authentication (2FA), making the sign-in process simpler by completely skipping 2FA: to verify their identity, users simply need to unlock their phone.
Passkey sign-ins are already supported by a variety of online services, and Google is also helping developers incorporate passkeys in their applications, via a credential manager jetpack API that supports multiple sign-in methods on the same interface.
Android 14 also brings a new API that allows developers to limit accessibility services from interacting with their applications, to ensure that only Google Play Protect-validated applications have access to their users’ data.
This should prevent sideloaded applications, which could sometimes be unwanted software or malware, from accessing sensitive data.
Android 14 also prevents applications targeting an SDK level lower than 23 from being installed, to improve malware protections. Malicious apps often attempt to circumvent security and privacy protections by targeting older SDK levels.
The new Android release also brings modified photo/video permissions to provide users with more granular control over the media that applications can access. A new API will allow applications to recognize screenshots without having to access the user’s photos.
Earlier this year, Google also announced expanded transparency around applications’ data collection practices, as well as improved user control over that data.
Related: Google Describes Privacy, Security Improvements in Android 14
Related: Google Now Lets US Users Search Dark Web for Their Gmail ID
Related: Apple, Google Propose Standard to Combat Misuse of Location-Tracking Devices
