SAN FRANCISCO -- It feels like every week there is a new story decrying the state of malware on Android, but major reports like the 2015 Verizon DBIR and the first Android Security Report are proving Google's security efforts to be quite effective.
"One of the things we do on Android security is look at every single application that comes into Google Play, every single application that we can find on a website that you've heard of, as well as every website you haven't heard of," said Adrian Ludwig, Google's lead for Android Security. "We're really good at crawling the Web and finding that stuff."
In this interview, recorded at the 2015 RSA Conference, SearchSecurity senior reporter Michael Heller sits down with Ludwig to discuss how Google has reduced Android threats and vulnerabilities, and what plans Google has for future security improvements.
"Passwords have been basically the scourge of security since about the '70s," Ludwig said, "and so there's a lot of things we can do around having a very secure mobile device to help authenticate users when they're using other services."
Ludwig said he believes Google has moved past the point where it needs to fix inherent problems with Android and can now focus on fixing structural security problems outside of the mobile space.
Ludwig also talks about Google's vulnerability patching policy and the recent controversy surrounding a WebView vulnerability that stemmed from that policy.