The value of openness in Android security

If you use an Android phone or tablet, there are a lot of benefits that come from Android’s open nature: customization and choice are the most obvious. But an often-overlooked benefit of openness is security: by developing in the open, anyone can check Android’s code to verify that it’s trustworthy or discover areas where it can be improved. Furthermore, the security community can even write code to make Android stronger and protect it against unrealized attacks.

Google has always worked closely with the security industry to make the products you use safer and more secure, and we wanted to highlight a few recent examples of that cooperation on Android:

  • Android, now part of the Google Patch Reward Program: That’s right, Google actually pays developers when they contribute security-related patches to popular open source projects, and Android is now a part of this program. As a user, this means that you have the broader security community looking out for you and preventing possible threats before they are acted upon.
  • Security improvements in Android 4.4, from the community: In Android 4.4, we reinforced the Android sandbox (which prevents applications from extending outside of their own area and damaging other parts of a device) by putting SELinux into enforcing mode, providing one of the strongest security systems available. The core of SELinux, as well as many of the Android-specific extensions, has been contributed by third parties through open source, an example of real security improvements from the community that you can use today.
  • Pwn2Own Mobile, with Android: Android was a contributor to the bounty in this year’s PacSec Security conference, where teams of security researchers tried to exploit popular mobile devices. And while no exploit was found in Android on the Nexus devices provided, we were ready and waiting to create a patch in the event of an exploit!

The Android team works very closely with the security research community at large to foster public discussions and implement improvements such as the ones above. This openness has helped make the Android phone or tablet you carry with you every day much more secure.

Posted by Adrian Ludwig, Android Security Engineer