Google Online Security Blog: I/O 2024: What's new in Android security and privacy

As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe.
Today, we're announcing more new fraud and scam protection features coming in Android 15 and Google Play services updates later this year to help better protect users around the world.
We're also sharing new tools and policies to help developers build safer apps and keep their users safe.
Google Play Protect now scans 200 billion Android apps daily, helping keep more than 3 billion users safe from malware.
We are expanding Play Protect's on-device AI capabilities with Google Play Protect live threat detection to improve fraud and abuse detection against apps that try to cloak their actions.
With live threat detection, Google Play Protect's on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services.
If suspicious behavior is discovered, Google Play Protect can send the app to Google for additional review and then warn users or disable the app if malicious behavior is confirmed.
The detection of suspicious behavior is done on device in a privacy preserving way through Private Compute Core, which allows us to protect users without collecting data.
Protecting One-time Passwords from Malware: With the exception of a few types of apps, such as wearable companion apps, one-time passwords are now hidden from notifications, closing a common attack vector for fraud and spyware.
Expanded Restricted Settings: To help protect more sensitive permissions that are commonly abused by fraudsters, we're expanding Android 13's restricted settings, which require additional user approval to enable permissions when installing an app from an Internet-sideloading source.
Choose What You Share: Currently available on Pixel, other Android devices will also have the ability to share just one app's content rather than your whole screen to help preserve your screen privacy.
We're adding new advanced cellular protections in Android 15 to defend against abuse by criminals using cell site simulators to snoop on users or send them SMS-based fraud messages.
Safeguarding apps from scams and fraud is an ongoing battle for developers.
The Play Integrity API lets developers check that their apps are unmodified and running on a genuine Android device so that they can detect fraudulent or risky behavior and take actions to prevent attacks and abuse.
Risk From Screen Capturing or Remote Access: Developers can check if there are other apps running that could be capturing the screen, creating overlays, or controlling the device.
This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.
This is particularly valuable for financial and banking apps, adding another layer of security to protect user information.
Developers can decide how their apps respond to these signals, such as prompting the user to close risky apps or turn on Google Play Protect before continuing.
Starting this year, apps on Play must demonstrate that they require broad access to use the photo or video permissions.
We're constantly evolving our multi-layered user protections - combining the power of advanced AI with close partnerships across OEMs, the Android ecosystem, and the security research community.


This Cyber News was published on security.googleblog.com. Publication date: Wed, 15 May 2024 19:28:07 +0000


Cyber News related to Google Online Security Blog: I/O 2024: What's new in Android security and privacy