With the rise Amid mercenary spyware and other targeted threats, tech giants like Apple, Google and Microsoft have spent the past few years trying to figure out how to protect the digital lives of their highest risk, most vulnerable attackers. On mobile devices, the launch of Appleās iOS lock-up mode in 2022 is a consistent effort to get rid of non-essential features for maximum security, a tradeoff that most users donāt want to make, but itās well worth it for public figures, activists, journalists or public figures living under threat of day-to-day censorship and attacks. Over the years, Google has provided a program called Advanced Protection for similar people, which focuses on adding additional surveillance and security to the Google accounts of vulnerable users, a core part of many peopleās digital lives that can cause devastating disasters if compromised. Now, Google is expanding advanced protection for the Android 16 feature suite.
On Tuesday, the company announced an advanced protection mode for running the latest version of Android. Essentially, the model is designed to be powerful security settings across all applications and services to place as much siloed data as possible and reduce interactions with unsecure web services and previously unknown, untrusted people. However, advanced protection on Android is designed to be as available and flexible as possible, however, relying on Googleās rapidly expanding device AI scanning capabilities to provide monitoring and alerts without the need for complete elimination. Still, the mode imposes restrictions that cannot be turned off, such as preventing phones from connecting to a historic 2G data network and disabling Chromeās JavaScript optimizer, which could change or break certain web features on some sites.
āThere are two categories we use to defend users. One is that you obviously want to harden the system, so you try to lock it, preventing multiple forms of attacks,ā said Dave Kleidermacher, vice president of engineering for Androidās security and privacy department. āBut two are that you canāt always prevent every attack completely. But if you can detect that youāre compromised, you can take some kind of corrective action. In consumer security on mobile devices, this detection is never actually possible, so thatās one of the important things we do here.ā
This monitoring and detection feature, known as intrusion records, uses end-to-end encryption to indeliblely store logs in your device so that Google or any party outside of you cannot access them, but cannot be deleted or modified, even if your device and Google account are compromised.
Provided by Google
Recording and system monitoring tools are common on laptops and desktops (not mentioned in enterprise IT environments), but it is more unusual to provide consumers with features on mobile devices. Like any solution to take data off a device and put it in the cloud, the system does introduce some new risks, but Google and Google Cloud Services have run many end-to-end encryption platforms for users, and Kleidermacher points out that the ability to create unavailable logs cannot be manipulated or not manipulated or deleted by mature attackers, which is unparalleled for an attacker in solving targeted attacks.
āThe main innovation here is that you have an audit log mechanism to detect compromises that are actually resistant to device tampering,ā he said. āIt brings intrusion detection to consumers. So if you are a consumer who doubts the problem and is not sure, you can pull the logs off the cloud. You can share them with security experts, you can share them with NGOs, and you can use tools to analyze them.ā
By default, another feature that cannot be turned off in Advanced Protection is Androidās Memory Tag Extension (MTE). The feature, debuted by Googleās pixel series and started adopting in processors on other devices, is a hardware security protection related to how the system manages its memory. If an attacker tries to exploit a memory vulnerability (such as a so-called buffer overflow), the MTE will cause the process to fail, thus preventing attacks in its tracks. Memory corruption errors are common tools used by hackers, so sterilizing the entire vulnerability makes attacking devices more difficult.
