In recent times, Google has been very active in security and privacy matters. Undoubtedly, the internet giant has made some notable decisions to make things more secure for the users. Over the past few years, the company has been criticized for how it gathers users’ data and shares it with third-parties—without asking users.
This time around, probably to save the dominance of its Android Operating System, Google is pushing to ‘up’ its game. For Android, the company uses a multi-pronged method that tracks security problems or risks every month via its Vulnerability Rewards Program (VRP).
It seems the search giant is improving Android and working to fill in the gaps that cause significant security risks. Back in 2019, Google security engineers had already fixed 21% of the security problems, such as permissions bypass flaws.
However, there’s much more going on, and Google’s up to something comprehensive.
What’s Google going to change?
For some time now, Google’s popular operating system has been lagging, providing a gateway to malware and bugs. Around 59% of the high-end problems were detected as memory issues, including overflows and corrupt memory.
The memory issues are often tackled on networks like Windows10, Java, and Chrome. The engineer’s team at Google has highlighted that security bugs in Chrome are subject to 70% memory safety flaws.
Similarly, in February 2019, the Microsoft engineers pointed out the same problem and said that over 70% of all the bugs occur from memory safety problems.
Google is looking forward to investing in memory-safe program languages such as Rust, Java, and Rust. The developers are insisting on moving to this memory-safe platform to make things work in favor—bringing more security. Moreover, the company intends to improve C and C++’s safety, which have been facing issues.
Through changes in these programming languages, Google’s transformation in Android would tighten the operating system and have a much more robust network to protect against malware.
The problems in the Android system
Google has reported that enhancement in its OS security vulnerabilities detection has limited the Android network’s critical issues. The company said that they did not receive a single report regarding exploitable critical malware in Android last year.
In the past year, the company has worked excessively on its operating system risks. In the meantime, Google has solved various problems such as bug fixing in the Bluetooth, media, and NFC objects.
Google has pointed that its engineers are examining the security and performance trade-offs. Moreover, the engineers are thinking of adding extra mitigations to improve Android security. The most popular mitigations in Google’s OS include sandboxing, Control Flow Integrity (CFI), Memory Tagging, Address Space Layout Randomization (ASLR), and Stack Canaries.
The American multinational technology firm has stated that they want to ensure that the changes in Android positively affect the user experience.
Making too many changes to the operating system can fire back too, reducing battery life and making the device less responsive. So, the engineers scrutinize things to ensure that they make Android more secure and improve the user experience simultaneously.