With the latest so called “Master Key” exploit attracting widespread attention, Google had to act quick, and it really did. It issued a patch that took care of the vulnerability to its OEM partners, and patched the Play Store almost immediately. Problem solved, right? Not quite, as you probably thought. Despite Google's best intentions, OEMs are infamous for their slow update cycles, and there was no telling exactly when the critical mass of Android devices would be protected from a threat that was already spreading in the wild.
Fortunately for everybody involved, word has gotten out that Google has, in a brilliant move, bolstered the security of some 95% of devices out there, and here's how. Remember Bouncer? It's Google's watchdog overseeing the security of its proprietor's Play Store. Well, with Android 4.2, Google introduced some of the functionality of Bouncer and called it Verify Apps. The new service would watch for each and every app that you download regardless of its source – be it the original app store or a side-loaded app from a third-party store – and guard you against attacks.
So where does that 95% figure come from? According to ComputerWorld, Google has made the Verify Apps service a part of the entire Google Play Services package (think Gmail, Maps and Youtube), and it is available for every single device running Android 2.3 Gingerbread and above. Or about 95% of all Android devices, according to Google's own stats.
The ramifications of this are huge, folks! By deconstructing Android in this way, Google will be able to skip the glacier-slow OEMs and be able to issue security updates largely on its own. With this, and the recently unearthed “Apps Ops” feature making its debut in Android 4.3, Google really seems to have stepped up its game in terms of security, and we're the happier for it.