Edward Fernandez

How we fought bad apps and bad actors in 2023

Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety)

A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework ...

Address Sanitizer for Bare-metal Firmware

Posted by Eugene Rodionov and Ivan Lozano, Android Team

With steady improvements to Android userspace and kernel security, we have noticed an increasing interest from security researchers directed towards lower level firmware. This area has tradition...

Vulnerability Reward Program: 2023 Year in Review

Posted by Sarah Jacobus, Vulnerability Rewards Team

Last year, we again witnessed the power of community-driven security efforts as researchers from around the world contributed to help us identify and address thousands of vulnerabilities in our prod...

Improving Interoperability Between Rust and C++

Posted by Lars Bergstrom – Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board

Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and ot...

Hardening cellular basebands in Android

Posted by Ivan Lozano and Roger Piqueras Jover

Android’s defense-in-depth strategy applies not only to the Android OS running on the Application Processor (AP) but also the firmware that runs on devices. We particularly prioritize hardening the cellu...

Evolving the App Defense Alliance

Posted by Nataliya Stanetsky, Android Security and Privacy Team

The App Defense Alliance (ADA), an industry-leading collaboration launched by Google in 2019 dedicated to ensuring the safety of the app ecosystem, is taking a major step forward. We are...

Qualified certificates with qualified risks

Posted by Chrome Security team

Improving the interoperability of web services is an important and worthy goal. We believe that it should be easier for people to maintain and control their digital identities. And we appreciate that policymakers workin...

Bare-metal Rust in Android

Posted by Andrew Walbran, Android Rust Team

Last year we wrote about how moving native code in Android from C++ to Rust has resulted in fewer security vulnerabilities. Most of the components we mentioned then were system services in userspace (runni...

Scaling Rust Adoption Through Training

Posted by Martin Geisler, Android team

Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits:

Productivity: Developers quickly feel productive writing Rust. They report important indicators of...