We knew that Android 4.2 would see the introduction of new security features both on your device and in the Play Store, but Computerworld got a chance to speak with Android's VP of Engineering, Hiroshi Lockheimer, about the platform's beefed-up security measures, specifically Android's new real-time app scanning utility.
The scanner builds on the functionality of the Play Store's existing security features by bringing app-scanning security to the frontend, scanning incoming apps from third-party sources (including apps like Amazon's App Store).
The service is of course "opt-in" – when you first install a third-party app on your device, you'll see a friendly popup asking if you'd like Google to check on all your incoming apps for "harmful behavior." The decision to include this feature, according to Lockheimer, came down to the idea that "security [is] a universal thing. Assuming the user wants this additional insurance policy, we felt like we shouldn't exclude one source over another."
What's impressive about this service is the speed and efficiency with which it operates. As Lockheimer indicated, every sideloaded app triggers the service, which sends identifying information about the app to Google, where it is analyzed against a known list of apps. How is this list compiled? Lockheimer explains:
"We have a catalog of 700,000 applications in the Play Store, and beyond that, we're always scanning stuff on the Web in terms of APKs that are appearing. We have a pretty good understanding of the app ecosystem now, whether something's in the Play Store or not."
Most of the time – if the app you're installing is identified as safe – you'll never notice the service exists. Lockheimer adds, "The server does all the hard work. The device sends only a signature of the APK so that the server can identify it rapidly." Only if you encounter an unsafe app will your installation be interrupted.
Additionally, as Computerworld notes, Android 4.2 has a refreshed app installation screen with lighter typefaces and helpful heuristic icons.
Of course, all of this comes on top of Android 4.2's SELinux, Always-On VPN, and Premium SMS confirmation that Ron dug into in his teardown last month.
For Computerworld's full story, hit the link below.
Source: Computerworld Blogs