Google has always worked closely with the security industry to make the products you use safer and more secure, and we wanted to highlight a few recent examples of that cooperation on Android:
- Android, now part of the Google Patch Reward Program: That’s right, Google actually pays developers when they contribute security-related patches to popular open source projects, and Android is now a part of this program. As a user, this means that you have the broader security community looking out for you and preventing possible threats, before they are acted upon.
- Security improvements in Android 4.4, from the community: In Android 4.4, we reinforced the Android sandbox (which prevents applications from extending outside of their own area and damaging other parts of a device) by putting SELinux into enforcing mode, providing one of the strongest security systems available. The core of SELinux, as well as many of the Android specific extensions have been contributed by third-parties through open source, an example of real security improvements from the community you can use today.
- Pwn2Own Mobile, with Android: Android was a contributor to the bounty in this year’s PacSec Security conference, where teams of security researchers tried to exploit popular mobile devices. And while no exploit was found in Android on the Nexus devices provided, we were ready and waiting to create a patch in the event of an exploit!
Posted by Adrian Ludwig, Android Security Engineer