March 22nd, 2018
Device security is of paramount importance to enterprises. It’s why the Android Security team (and many other teams at Google) continuously work to improve protections across more than 2 billion active Android devices.
To ensure customers, partners, and Android users are up to date on our ongoing work, we recently published the fourth annual Android Security Year in Review. This document details improvements to Google’s security offerings in Android, updated platform features, and key metrics that inform our initiatives.
While the report provides a broad view of the breadth of the security work across the ecosystem, there are important highlights for our enterprise users.
Enterprise-grade security in Android
In 2017 we launched Google Play Protect, Android’s built-in device, data, and apps security scanning technology. Google Play Protect protects users from potentially harmful apps (PHA) in real-time and uses cloud-based services for analyzing device and app data to identify possible security concerns.
Every day, Google Play Protect automatically reviews more than 50 billion apps, other potential sources of PHAs, and checks devices, warning users about potential harm. These automatic reviews enabled us to remove nearly 39 million PHAs last year.
Enterprises can leverage Google Play Protect with managed Google Play, a curated Google Play Store for enterprise customers. By using managed Google Play, an organization can ensure that team members are selecting prescribed apps for work that are secured through Google Play Protect. Last year, the number of 30-day active devices running managed Google Play increased by 2,000 percent.
We also introduced a bundle of new security features in Android Oreo, making it safer to get apps, dropping insecure network protocols, providing more user control over identifiers, and hardening the kernel.
In its second year, the Android Security Rewards program paid researchers $1.28 million in 2017 for work identifying potential vulnerabilities in Android. We also introduced the Google Play Security Rewards Program for developers that discover and disclose select critical vulnerabilities in apps hosted on Play.
Additionally we launched zero-touch enrollment, a fast and secure method for simplified provisioning of corporate-distributed devices. Our focus on security starts from the moment a device is powered on, through deployment, and during daily interaction with apps and services.
Our efforts continue into 2018. We recently launched the Android Enterprise Recommended program for OEMs, which addresses the pain point that many organizations face when choosing devices for large deployments. Our program features a curated selection of devices that meet common requirements for security (including which devices are getting regular security patches), and supported features, all validated by Google.