Android 7.1.2, April 2017 Patch Rolls Out To Nexus, Pixels

Google this week announced that it is expanding its Android certification program for hardware makers to include a new Google Play Protect logo that will help consumers find secure and stable devices. Google knows about the challenges created by its open source setup, and that's why it's taken steps to create all the other methods of reaching users directly - both via the security-oriented paths we've been discussing and via the company's ongoing deconstruction of Android The latter has resulted in an ever-increasing number of pieces typically tied to an OS being pulled apart into standalone apps that Google can update frequently and universally throughout the year.

From a consumer's standpoint, it's an annoying part of the Android platform - no two ways about it. Some manufacturers are better than others at reliably delivering updates , but even in those instances, carriers tend to muck things up and get in the way of any consistent success (especially here in the U.S., where lots of people still buy phones from carriers instead of purchasing them unlocked).

Less malware winds up in its Google Play store, devices are better encrypted, and more hackers than ever report Android bugs to Google in exchange for so-called "bug bounties." But Google has also released solid data for the first time on Android's most serious nagging security problem: The challenge of getting dozens of manufacturers and hundreds of carriers around the world to cooperate on regularly patching Android phones and tablets.

Prizes in the new Android Security Rewards program will scale depending on the impact on the system, with the largest rewards going to researchers who demonstrate how to work around Android's platform security features, like ASLR and sandboxing For example, if a researcher finds a bug and produces a test case, patch and exploit for a critical remote issue, the payout could be around $38,000.

Aside from Let's Encrypt, Peter's other work at EFF has included privacy and security projects such as Panopticlick, HTTPS Everywhere, SSDI, and the SSL Observatory; helping to launch a movement for open wireless networks; fighting to keep modern computing platforms open; and running the first controlled tests to confirm that Comcast was using forged reset packets to interfere with P2P protocols.