Android as a platform hasn't historically been known for its security – quite the opposite, in fact: there's been tons of reports of malware infecting the operating system, and even Google's own Play Store. But the company has stated its intent to combat the problem many times, and this has led to implementing several measures to that effect, such as the now-standard monthly security updates. Today, Google has released its yearly security report for the platform, highlighting what it did to fight the problem of Android malware throughout 2016.
a future Stagefright-like attack, along with many other, smaller changes.First of all, with the launch of Android 7.0 Nougat, Google added several new behind-the-scenes features designed to enhance security. First of them is a streamlined our boot-up process, which makes installing OTA updates much easier to install. Along with it came support for file-based encryption, and a re-architecturing of components to prevent
Besides this, Google took some measures to encourage security best practices among Play Store developers, too, which includes launching 18 campaigns to notify devs of vulnerabilities. Also, the company has its own set of tools to protect users, with its Verify Apps feature built into every Play Services-enabled phone automatically scanning apps for malicious code.
Google is also sponsoring its own Android Security Rewards Program, which sponsors security researchers who find and report vulnerabilities in the OS, and has paid nearly one million dollars to 125 research teams. Besides that, the company also participated in external vulnerability finding competitions, which led to patches made for less than 24 and supplied to users in less than a month.
But the company didn't just boast about its own security practices, as it also released a list of Android devices with the most security patches for 2016: Google Pixel, Google Pixel XL, Motorola Moto Z Droid, Oppo A33W, Nexus 6P, Nexus 5X, Nexus 6, OnePlus 3, Samsung Galaxy S7, Asus Zenfone 3, bq Aquarius M5, Nexus 5, Vivo V3Max, LG V20, and Sony Xperia X Compact. Curiously enough, several of the major Chinese manufacturers, such as Xiaomi and Huawei, are nowhere to be found on this list.
As good as all of this this sounds, however, Google fixing security problems has little effect on the end user, unless manufacturers then distribute these fixes in software updates. While many vendors have upped their game since the inception of the monthly security updates program, Android's weakest point is still updates, as evidenced by the abysmal Nougat adoption rates. Still, things seem to slowly be getting better, so here's hoping 2017 becomes the year when manufacturers start regularly updating their devices.