Google introduced a new system that continually scans every app on Android devices for security issues.
The system, called Google Play Protect, aims to improve Android device security by constantly updating apps and automatically taking steps against any suspicious activity uncovered by the scans. Google Play Protect, which was announced at the Google I/O 2017 conference this week in Mountain View, Calif., runs automatically in the background of Android devices and manually starting a scan is an available option.
"With more than 50 billion apps scanned every day, our machine learning systems are always on the lookout for new risks, identifying potentially harmful apps and keeping them off your device or removing them," wrote Android security product manager Edward Cunningham in a blog post. "All Google Play apps go through a rigorous security analysis even before they're published on the Play Store -- and Play Protect warns you about bad apps that are downloaded from other sources too."
Android apps in the Google Play Store have long been plagued by malware and other malicious actors, and despite efforts to mitigate these threats, Android remains a target for attackers. Google Play Protect is a larger scale effort that uses machine learning technology to look for harmful apps. Google Play Protect builds off of Google's previous app scanning tool Verify Apps, but it now plays a more significant role in Google Play.
Google also included Find My Device as part of the Play Protect release, which enables users to locate, lock or erase their Android devices if they're lost or stolen.
Google Cloud IoT Core
In another step forward, Google announced its new internet of things (IoT) management service for enterprises called Cloud IoT Core, which aims to give businesses a better way to manage IoT devices and process the abundance of data generated by those devices.
"Cloud IoT Core, using Cloud Pub/Sub underneath, can aggregate dispersed device data into a single global system that integrates seamlessly with Google Cloud data analytics services," Google said in a post, adding that the data collected from IoT devices can be used for advanced analytics, visualization, machine learning and more to "improve operational efficiency, anticipate problems and build rich models that better describe and optimize your business."
Cloud IoT Core's two main components are the device manager and the protocol bridge. The device manager configures the individual devices and offers a console management option. According to Google, the device manager is designed to verify the identity of an IoT device and authenticate it for connections, as well as allow administrators to remotely control the device from the new cloud service.
The protocol bridge connects endpoints for protocols and offers automatic load balancing for all connections. "The protocol bridge has native support for secure connection over MQTT, an industry-standard IoT protocol," Google stated. "The protocol bridge publishes all device telemetry to Cloud Pub/Sub, which can then be consumed by downstream analytic systems."
Cloud IoT Core's other security features include end-to-end certificate-based authentication and TLS 1.2, and role-level access control, among others.
In other news
- The Senate Sergeant at Arms officially sanctioned the use of the end-to-end encryption app Signal for use in the U.S. Senate. Signal encrypts messaging on Apple and Android phones, and has been used by aides to President Donald Trump, former President Barack Obama and New York Mayor Bill de Blasio following the revelations surrounding the involvement of Russian hackers with the 2016 presidential election. Signal, developed by the company Open Whisper Systems, has been the source of controversy, most recently because of a WikiLeaks release in March 2017. WikiLeaks claimed the CIA was able to bypass the encryption of secure messaging apps like WhatsApp, Wiebo and Signal. However, sources, including the Open Rights Group and ProtonMail, denied this claim and said that Signal and others are still secure means of messaging and that the CIA hadn't actually cracked the app's encryption scheme.
- WordPress has opened its bug bounty program to the public. The program had previously been running privately, but now white hat hackers can participate in the HackerOne program as well. "The security team has been working on this project for quite some time," said WordPress security team lead Aaron Campbell. "Nikolay Bachiyski started the team working on it just over a year ago. We ran it as a private program while we worked out our procedures and processes, and are excited to finally make it public." WordPress has already awarded $3,700 in bounties to seven different bug hunters. The program covers all WordPress projects, including BuddyPress, bbPress, GlotPress and WP-CLI. To submit a vulnerability to WordPress' bug bounty program, the researcher needs to include details of the vulnerability and a proof of concept. WordPress also asks that bug hunters avoid "privacy violations, destruction and modification of data on live sites."
- Electronic signature provider DocuSign suffered a data breach that lead to phishing attacks on its users. The data breach only resulted in the loss of customer and user email addresses, but the attackers then used the email addresses to send targeted phishing emails. The DocuSign users may have been expecting an email from the company, so the phishing scheme is particularly dangerous. The phishing emails used DocuSign branding and contained a link to download a Microsoft Word document that contained malware. DocuSign reported that the phishing attacks started on May 16 and suggests users delete the email immediately.
Find out how Exaspy spyware disguises itself on Android devices
Learn how firmware created an Android backdoor in budget devices
Discover how to improve Android device security for enterprises