August 31st, 2017
Editor's note: The Android security team works to keep more than two billion users safe, and with the release of Android Oreo, they’ve rolled out some new security protections. We sat down with Adrian Ludwig, Director of Android Security to learn about his team, their approach to security, and what Oreo’s new protections mean for people who use and love Android.
Keyword: Talk to us a bit about what your team does.
Adrian: We build security features for Android that help keep the whole ecosystem safe. Our software engineers write code that encrypts user data, helps find security bugs faster, prevents bugs from becoming security exploits, and finds applications that are trying to harm users or their information.
How do you build these protections?
It starts with research. Because security is constantly evolving, our teams have to understand today’s issues, in Android and elsewhere, so we can provide better security now and in the future. Researchers in and out of Google are like detectives: they find new stuff, work to understand it deeply, and share it with the broader security community.
We then use those findings to make our protections stronger. We’re focused on tools like Google Play Protect and efforts like “platform hardening,” incremental protections to the Android platform itself. We’re also starting to apply machine learning to security threats, an early stage effort that we’re really excited about.
The final step is enabling all Android users to benefit from the protections. I’m really proud of the work our team has done with Google Play Protect, for example. Every day, it monitors more than 50 billion apps in Play, other app marketplaces, and across the web for potentially unsafe apps. If it finds any, we’ll prevent people from installing them and sometimes remove them from users’ phones directly. Users don’t need to do anything—this just works, automatically.
What are the challenges to protecting Android?
In security, we often talk about the trade-off between usability and protection. Sometimes, you can protect a device more effectively if there are certain things users can’t do on your device. And security is always much easier when things are predictable: for instance when all of the devices you are protecting are built the same way and can basically do the same thing.
But, Android security is different because the ecosystem is so diverse. The variety of use cases, form factors, and users forces us to be open-minded about how we should secure without limiting Android’s flexibility. We can’t possibly protect Android users with a single safeguard—our diversity of protections reflects the diversity in the Android ecosystem.
What are some of the new ways you’re protecting users in Android Oreo (not in robo- speak, please)?
Hang on, I gotta turn on Google Translate.
There are a … 0101100110 … sorry … a bunch! We’ve invested significantly in making it easier to update devices with security “patches,” fixes for potential safety problems, more commonly known as vulnerabilities. As a sidenote, you may have heard about “exploits.” If a vulnerability is a window, an exploit is a way to climb through it. The vast majority of the time, we’ll patch a vulnerability before anyone can exploit it. We have a project called Treble that makes it easier for us to work with partners and deliver updates to users. We want to close the window (and add some shutters) as quickly as possible.
We’ve also worked to improve verified boot, which confirms the device is in a known good state when it starts up, further hardened the Android kernel, which makes sure that hackers can’t change the way that code executes on a device, and evolved Seccomp which limits the amount of code that is visible to hackers. Basically, we’re moving all the windows higher so any open ones are harder to climb through.
You announced Google Play Protect earlier this year. Tell us a bit about that and why it’s important for Android users?
For several years, we’ve been building “security services” which periodically check devices for potential security issues, allow Google and/or the user to review the status, and then use that information to protect the device. These services interact with Google Play in real-time to help secure it, hence the name “Google Play Protect.”
Our goal with Google Play Protect is to make sure that every user and every device has constant access to the best protections that Google can provide. Those protections are easy to use (ironically, for many people, Google Play Protect is so easy to use that they didn’t even know it was turned on!) and they benefit from everything Google knows about the security of Android devices.
Google Play Protect isn’t available just for users with Oreo -- it guards any device with Google Play Services, running Android Gingerbread, or later.
Updates are a challenge with Android, especially in regard to security. Why is that so hard? What are you doing to improve it?
What makes Android so cool and unique—its flexibility and openness—also presents a really big security challenge. There is a broad and diverse range of devices running Android, operated by a complex collection of partners and device manufacturers around the world. It’s our responsibility to make it easy for the entire ecosystem to receive and deploy updates, but the ecosystem has to work together in order to make it happen. One approach to the problem is to make updates easier through technical changes, such as Project Treble. Another is to work with partners to better understand how updates are produced, tested, and delivered to users.
What’s the toughest part of your job?
Prioritization. Often we need to balance researching super cool, extremely rare issues with more incremental maintenance of our existing systems. It’s really important that we are laser-focused on both; it’s the only way we can protect the entire ecosystem now and longer-term.
What’s your favorite part?
I’m amazed and humbled by how many people use Android as their primary (or only) way to connect to the internet and to the broader world. We’ve still got a ton of work to do, but I’m incredibly proud of the role my team has played in making those connections safe and secure.
Ok, last question: How do you eat your Oreos?
In one bite. (But I can’t handle the Double Stufs).