Posted by Eugene Liderman, Android Security & Privacy Team
However layered security doesn’t just apply to the technology. It also applies to the people and the process. Both Android and Chrome OS have dedicated security teams who are tasked with continually enhancing the security of these operating systems through new features and anti-exploitation techniques. In addition, each team leverages a mature and comprehensive security development lifecycle process to ensure that security is always part of the process and not an afterthought.
Secure by design is not the only thing that Android and Chrome OS have in common. Both operating systems also share numerous key security concepts, including:
- Heavily relying on hardware based security for things like rollback prevention and verified boot
- Continued investment in anti-exploitation techniques so that a bug or vulnerability does not become exploitable
- Implementing two copies of the OS in order to support seamless updates that run in the background and notify the user when the device is ready to boot the new version
- Splitting up feature and security updates and providing a frequent cadence of security updates
- Providing built-in anti-malware and anti-phishing solutions through Google Play Protect and Google Safe Browsing
- Android 9 (Pie) scored “strong” in 26 out of 30 categories
- Pixel 3 with Titan M received “strong” ratings in 27 of the 30 categories, and had the most “strong” ratings in the built-in security section out of all devices evaluated (15 out of 17)
- Chrome OS was added in this year’s report and received strong ratings in 27 of the 30 categories.
You can see a breakdown of all of the categories in the table below:
Take a look at all of the great security and privacy enhancements that came in Pie by reading Android Pie à la mode: Security & Privacy. Also be sure to live stream our Android Q security update at Google IO titled: Security on Android: What’s Next on Thursday at 8:30am Pacific Time.