Safeguarding user security on Android
Summary
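TL;DR: In this video, the Android team presents the latest updates that strengthen user security and privacy. In 2023 they prevented more than 2 million policy-violating apps from being published, banned more than 300,000 bad developer accounts, and introduced real-time app scanning in Google Play Protect. Android 15 limits the default screen-sharing scope to a single app, strengthens device-theft protection, and adds the private space feature. New Play Integrity API features are also introduced. These efforts are expected to help maintain a safe and trusted user experience.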
Takeaways
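- 🛡️ Each year the Android team strengthens user protections and raises the bar for safe, trusted apps on Google Play in order to improve user security and privacy.
- 🚫 In 2023, more than 2 million policy-violating apps were prevented from being published and more than 300,000 bad developer accounts were banned.
- 💻 Google Play Protect can now recommend a real-time app scan when an app that has never been scanned before is being installed.
- 🔍 Play Protect has identified 500,000 new malicious apps and issued 3 million new warnings as a result.
- 📱 Android 15 changes the default screen-sharing scope to a single app so that users share only the information they need to.
- 🔒 Android 15 protects the content of notifications that appear during a screen-sharing session, and automatically hides app activity windows when it detects a notification containing a one-time password.
- 🏢 To protect users from device theft, Android is hardening devices against unauthorized access and strengthening data protection.
- 🔐 A new remote lock feature lets users lock their device remotely even if they have forgotten their Google Account password.
- 📷 Google Play has tightened its policy so that apps requesting media permissions get access only when their functionality requires it.
- 📱 The Play Integrity API helps protect your app and business from attacks and abuse, and strengthens protection against counterfeit apps.
- 🆕 Android 15 adds new protections against unintended background activity launches, improving app security.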
Q & A
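How many policy-violating apps did the Android team prevent from being published in 2023?
- In 2023, the Android team prevented more than 2 million policy-violating apps from being published.
How many developer accounts did the Android team ban in 2023?
- In 2023, the Android team banned more than 300,000 malicious developer accounts.
How does Google Play Protect detect new threats?
- Google Play Protect recommends a real-time app scan when a previously unscanned app is being installed, which detects emerging security threats more quickly.
How does the default screen-sharing scope change in Android 15?
- Android 15 changes the default screen-sharing scope to a single app. System UI elements such as the status bar, navigation bar, and notifications are excluded from the shared display.
How does Android 15 protect notification content during a screen-sharing session?
- Android 15 protects the content of notifications that appear during a screen-sharing session so that remote viewers cannot see the user's notifications. When a notification containing a one-time password is posted, a private version is shown.
What efforts did the Android team make in 2023 to protect users from device theft?
- To protect users from device theft, the Android team hardened the device and strengthened data protection to make it less attractive to thieves. It also added a new remote lock feature and the private space feature, which give apps more protection even if the device falls into the wrong hands.
What does the Play Integrity API provide?
- The Play Integrity API confirms that your app was installed through Google Play and is running on a genuine Android device, which helps protect your app and business from attacks and abuse. You call the API at important moments, obtain an integrity token from Google, and decrypt it on your app's backend server to get the integrity verdict.
How will Android 15 prevent unintended background activity launches?
- In Android 15, PendingIntent creators block background activity launches by default, and the platform is updated so that malicious apps cannot obtain and trigger PendingIntents, even in cases where the system does not restrict background activity launches.
What are the Safer Intents updates in Android 15?
- Android 15 adds tools that help developers identify when their app's intents do not match another app's intent filters. With Strict Mode enabled, developers see the mismatch as a violation in Logcat and are prompted to update their intents.
How is the Android team limiting access to users' photos and videos?
- The Android team limits access to photos and videos through a Google Play policy: an app may use the media permissions only if it needs broad access to media for its core use case.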
Outlines
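📱 Latest Android security and privacy updates
Dom Elliott, together with Tina and Sabs from the Android team, presents the latest updates that strengthen security and privacy for Android users. In 2023 the team prevented more than 2 million policy-violating apps from being published, banned more than 300,000 bad developer accounts, scanned more than 200 billion apps every day, and paid out more than $10 million to security researchers. Google Play Protect also gained a new feature that recommends a real-time app scan; it has identified more than 500,000 new malicious apps and issued more than 3 million warnings. Tina covers the latest Android features that protect users against scams, fraud, and device theft, Dom introduces the new Integrity API features, and Sabs details the most important security changes in Android 15.
🛡️ Protection against scams, fraud, and device theft
Tina Sriskandarajah, a Product Manager on Android Framework, introduces new protections that build on the existing ways users view and manage their data. She covers improvements to screen sharing, device-theft detection and remediation, and the private space feature. Screen sharing is limited to a single app by default, and notifications and system UI elements are not shared. Notification content that appears during screen sharing is protected, and when a notification containing a one-time password appears, the remote viewer is shown a blank screen. For device-theft protection, Android adds a lockout after multiple failed attempts to log into a PIN- or biometric-protected app, and requires authentication when certain settings are changed.
🔐 New Play Integrity API features
Dom Elliott describes the new Play Integrity API features. The API helps you check that user actions and server requests come from your unmodified app, installed by Google Play and running on a genuine Android device. Three new verdicts are introduced: app access risk, the Play Protect verdict, and recent device activity. App access risk checks whether other apps are running that could capture the screen or control the device. The Play Protect verdict tells you whether Play Protect is turned on and whether known harmful apps are present on the device. Recent device activity tells you how many integrity requests your app has made on a specific device in the last hour, which lets you detect signs of an attack.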
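How a backend might act on the three new verdicts described above, as an added example that is not from the talk or from Google. It assumes the integrity token has already been decrypted into a dict; the field names and enum values follow the public Play Integrity verdict format as understood here, while the policy tables, action names, `evaluate` and `sample_verdict` are hypothetical and the verdicts are constructed.

```python
ALLOW, RETRY_LATER, ASK_USER, DENY = "allow", "retry_later", "ask_user", "deny"
SEVERITY = [ALLOW, RETRY_LATER, ASK_USER, DENY]  # least to most severe

# Assumed policy tables; tune them against your own Play Console report.
PLAY_PROTECT_POLICY = {
    "POSSIBLE_RISK": (ASK_USER, "Play Protect is turned off"),
    "MEDIUM_RISK": (ASK_USER, "potentially harmful apps found"),
    "HIGH_RISK": (DENY, "dangerous apps found"),
}
ACTIVITY_POLICY = {
    "LEVEL_3": (RETRY_LATER, "request volume is a little high"),
    "LEVEL_4": (DENY, "request volume is very high"),
}


def evaluate(verdict):
    """Return (action, reasons) for one decrypted verdict payload (a dict)."""
    findings = []  # (action, reason) pairs; the most severe action wins

    # Core checks fail closed: unmodified Play-installed binary, genuine device.
    app = verdict.get("appIntegrity", {}).get("appRecognitionVerdict")
    if app != "PLAY_RECOGNIZED":
        findings.append((DENY, f"app not recognized by Play: {app}"))
    device = verdict.get("deviceIntegrity", {})
    if "MEETS_DEVICE_INTEGRITY" not in device.get("deviceRecognitionVerdict", []):
        findings.append((DENY, "device integrity not met"))

    # Opt-in signals: an absent field means the feature was not requested,
    # so it contributes no finding instead of blocking the user.
    env = verdict.get("environmentDetails", {})
    detected = env.get("appAccessRiskVerdict", {}).get("appsDetected", [])
    for kind in ("CONTROLLING", "CAPTURING"):
        if any(label.endswith("_" + kind) for label in detected):
            # Controlling apps can also capture, so report the stronger one.
            findings.append((ASK_USER, f"{kind.lower()} apps are running"))
            break

    play_protect = PLAY_PROTECT_POLICY.get(env.get("playProtectVerdict"))
    if play_protect:
        findings.append(play_protect)

    level = device.get("recentDeviceActivity", {}).get("deviceActivityLevel")
    activity = ACTIVITY_POLICY.get(level)
    if activity:
        findings.append(activity)

    action = max((a for a, _ in findings), key=SEVERITY.index, default=ALLOW)
    return action, [reason for _, reason in findings]


def sample_verdict(apps=(), play_protect="NO_ISSUES", level="LEVEL_1",
                   app="PLAY_RECOGNIZED"):
    """Build a constructed verdict payload for the demo (not real data)."""
    return {
        "appIntegrity": {"appRecognitionVerdict": app},
        "deviceIntegrity": {
            "deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"],
            "recentDeviceActivity": {"deviceActivityLevel": level},
        },
        "environmentDetails": {
            "appAccessRiskVerdict": {"appsDetected": list(apps)},
            "playProtectVerdict": play_protect,
        },
    }


if __name__ == "__main__":
    cases = [
        sample_verdict(),
        sample_verdict(apps=["KNOWN_INSTALLED", "UNKNOWN_CAPTURING"], level="LEVEL_3"),
        sample_verdict(play_protect="POSSIBLE_RISK"),
        sample_verdict(level="LEVEL_4"),
    ]
    for case in cases:
        print(evaluate(case))
```

The `ask_user` action corresponds to the prompts the talk mentions (close capturing or controlling apps, turn on Play Protect), which the client app shows after the server responds.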
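📲 Android 15 security updates
Sabs describes the important platform security updates in Android 15, covering changes to TargetSdk, Safer Intents, and background activity launches. Android 15 prevents apps with a TargetSdk version lower than 24 from being installed. This encourages apps to apply the latest security patches and privacy controls and discourages the use of outdated, risky components. Android 15 also adds tools to make intents safer, which warn when an intent does not match another app's intent filter. Background activity launches change as well: PendingIntent creators block background activity launches by default, which prevents malicious apps from improperly obtaining system activities.
🛡️ Recap of Android's latest privacy and security features
Tina Sriskandarajah recaps the key points about Android's latest privacy and security features. She stresses that protecting users is a shared responsibility between Android and app developers, and that these new features go a long way toward upholding a safe and trusted user experience. To improve app security, developers should use flag_secure when an activity contains sensitive content, target the latest SDK version so the latest security enhancements are applied automatically, use the Play Integrity API to protect the security and business value of their app, send intents to the right component, and opt in to the latest background activity launch updates.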
Keywords
💡Android
💡Security
💡Privacy
💡Google Play Protect
💡Screen sharing
💡Device theft
💡Play Integrity API
💡Android 15
💡Media permissions
💡Private space
Highlights
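The Android team shares the latest updates on how it protects user security and privacy.
In 2023, Android prevented more than 2 million policy-violating apps from being published and banned more than 300,000 bad developer accounts.
Google Play Protect can now recommend a real-time app scan when an app that has never been scanned is being installed.
Play Protect has identified more than 500,000 new malicious apps and issued 3 million new warnings as a result.
Tina introduces the new protections launched this year to make Android safer.
The user screen-sharing experience has been improved to prevent unintentional disclosure of information.
Android 15 will protect notification content that appears during a screen-sharing session.
A new remote lock feature lets users lock their device remotely.
A new private space feature gives users a separate space for apps they do not want others to access or know about.
Broad access to users' photos and videos is being reduced, and Google Play is starting to actively enforce the related policy.
The Android system photo picker is recommended because it requires no permissions and is easy to implement.
The Play Integrity API helps check that user actions and server requests come from an unmodified binary.
Developers using the Play Integrity API see 80% lower unauthorized usage on average.
Three new Play Integrity API features are introduced: app access risk, the Play Protect verdict, and recent device activity.
Android 15 does not allow installation of apps with a target SDK version lower than 24, to improve user security and privacy.
In Android 15, intents sent with a null action no longer match any intent filter, which improves security.
Android 15 improves the security of background activity launches to prevent exploitation by malicious apps.
Tina recaps best practices for protecting users, including using flag_secure to protect app activities and updating the SDK version promptly.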
Transcripts
[MUSIC PLAYING]
DOM ELLIOTT: Hi, I'm Dom and I'm joined by my colleagues,
Tina and Sabs, from the Android team.
We're thrilled to be here today to share the latest
updates on how we're safeguarding Android
users' security and privacy.
Each year, we've consistently improved user protections
in the Android platform, and we've
raised the bar for safe, Trusted Apps on Google Play.
In 2023, we prevented over 2 million policy-violating apps
from being published, we banned over 300,000 bad developer
accounts, we scanned over 200 billion apps every day
for malware, and we paid out over $10 million to security
researchers.
That's not all.
Google Play Protect can now recommend a real-time app
scan when an app is being installed that has never
been scanned before.
This is already helping us to detect emerging security threats
more quickly.
Play Protect has identified over 500,000 new malicious apps
and issued 3 million new warnings as a result of this
scanning.
OK, let's get on to the main updates.
First, Tina will talk about the latest Android features
protecting users against scams, fraud and device theft.
Then, I'll go over the new Integrity API
features, which you can use to defend your app against attacks
and abuse.
And finally, Sabs is going to give you
a detailed look at the most important security
changes in Android 15 that you should be aware of.
Now it's over to Tina.
TINA SRISKANDARAJAH: Thanks, Dom.
Hi, everyone.
I'm Tina, a Product Manager on Android Framework.
There are a number of ways the platform already
helps users view and manage their data, including
runtime permission controls and the privacy dashboard.
I'm excited to tell you about some of the new protections
we're introducing this year to make Android even better.
I'll share about our efforts to help prevent abuse
across screen sharing, device-theft detection
and remediation, and more.
First, we'll talk about improvements to the user
screen-sharing experience.
When users share their screens, they might unintentionally
reveal more information with remote viewers than intended.
Malicious actors can even convince
users to share their screen in situations when users
don't really need to share.
Actors then use that view to steal information
off users' screens.
To help address the situation, we
are changing the default screen-sharing scope
to just a single app.
If users want to share their entire screen,
they can still choose to do so.
With the single-app option, the status bar, navigation bar,
notifications, and other system UI elements
are excluded from the shared display.
Only the content of the selected app is shared.
Another scenario we want to improve with screen sharing
is the visibility of notifications.
If a remote viewer sees the user's notifications,
it could reveal embarrassing or even sensitive
information, like one-time passwords.
Starting in Android 15, we'll protect
notification content that appears
during a screen-share session.
If you want users to see notification content even
during screen sharing, provide a public version
of notification content for your app.
If a public version is not provided,
a private version is shown, which does not
contain notification content.
We'll also hide app-activity windows
if the app posts a notification containing a one-time password
during a user's screen-share session.
This will be automatically done when
notifications with one-time passwords
are detected by the platform.
In this example, a user's messaging app
has posted a notification with a one-time password
during a screen-share session.
The user taps the notification to open the messaging app.
The remote viewer, however, sees a blank screen
instead of the app window containing
the one-time password.
Another way malicious attackers can
snoop a user's one-time password is
through apps that have been granted the notification
Listener Service permission.
Starting in Android 15, apps that
use the notification Listener Service will
receive notifications with one-time password content
removed.
Apps that depend on the full notification
content, such as wearable apps connected through companion
Device Manager, will continue to receive the full notification
content.
Now I'm going to tell you more about what Android
is doing to protect users from physical device theft this year.
We're hardening the device against theft
and adding more data protections to make the device less
attractive to thieves.
We'll lock out thieves who have access to your phone
if they fail multiple times to log
into a PIN or biometric-protected app
or service.
We're also requiring authentication
when someone tries to change certain sensitive settings.
In the moment when a thief tries to take your phone,
a new detection feature will activate.
This locks the screen and protects your data.
If a device is taken, it's often a shocking situation
for the user.
They don't always remember how to protect
their data after the fact.
So we're adding a new remote-locking feature
that will provide an even easier way for users
to remotely lock their device, even if they don't remember
their Google-account password.
We're also adding a new private-space feature.
So even if your device falls into the wrong hands,
you have more protection for your apps.
Private space is your separate space on the device for any apps
you don't want others to access or know about.
This space can be populated with any apps you want and can
be locked and hidden from view.
Private space can have its own separate lock.
This feature can be useful for protecting your sensitive apps
in case of theft, accidental exposure, or snooping.
Something else we're doing to protect users
is reducing broad access to their photos and videos.
Last year, Google Play announced a policy related to the photo
and video permissions.
Apps must now demonstrate that they require broad access
to the photos and videos for their core use case
in order to use this permission.
Google Play will begin actively enforcing this policy in August.
Many apps request media permissions for legacy reasons
that no longer apply.
So you may be able to simply stop
requesting the media permissions without making
any other changes to your app.
If your app uses the photo or video permission for custom
photo-picking experience, for example,
if you ask the user to select a profile picture,
we recommend you use the Android-system photo
picker instead.
The Android photo picker is the best solution
for nearly every app.
It does not require any permissions,
includes cloud photos from Google Photos,
is customizable for your app's needs
and is super easy to implement.
We are continuing to improve the photo picker with Search
and more exciting features to create
the best possible photo-picking experience for your users.
Try it in your app today.
TINA SRISKANDARAJAH: Now I'm going to hand
it back to Dom to talk about additional ways
to protect your users and your business.
DOM ELLIOTT: Thank you, Tina.
Now, let's talk about what you can
do to protect your users against attacks and scams
while also protecting your app and business from abuse.
The Play Integrity API helps you check
that user actions and server requests
are coming from your app's unmodified binary, installed
by Google Play, and running on a genuine Android device.
The Play Integrity API works across Android SDK versions
and is fully supported on mobile phones, tablets, and foldables.
You can also use it on Google Play games for PC
and other Android form factors.
How does it work?
You call Play Integrity API at important moments in your app
or in the background to obtain an integrity token from Google.
You pass the integrity token to your app's backend server
where you can decrypt it to obtain Play's integrity verdict.
With this verdict, you can decide
whether you trust the request was made by your genuine app.
If something is wrong, your app's backend server
can decide what to do next.
For example, you can ask the user to verify themselves,
or you could deny access to some sensitive functionality.
Thousands of developers are using
Play Integrity API in production to perform integrity checks.
And developers using Play Integrity features
see, on average, 80% lower unauthorized usage
compared to unprotected apps.
So what's new?
First up, app access risk is a new verdict
that you can use to check whether there
is a risk of other apps running that could access or control
your app.
Say, for example, the user is about to perform
a sensitive action, such as transferring some money.
Before allowing the transfer to proceed,
you can check the app access risk verdict
and check there aren't other apps running
that can capture the screen or that can control the device.
You can also show a Google Play dialogue to prompt the user
to ask them to close any capturing or controlling
apps that are open.
App access risk has different risk levels.
A capturing response means other apps are running
that can capture the screen.
A controlling response means other apps are running
that can control the device, and hence, they
could both capture the screen and even control inputs
into your app.
App access risk automatically excludes genuine accessibility
apps known to Google that have been through a special review
process.
Like the other signals in the Play Integrity API,
the requesting app receives no user or device identifiers,
nor does it receive any information
about the apps that resulted in a positive verdict.
We've already been testing app access risk
with early-access partners, like Nubank, Revolut, Mercado Libre,
and PhonePe.
It's available now in public beta
and will be generally available in the coming months.
The second feature is the Play Protect verdict.
This tells your app whether Play Protect is turned on
and whether it has found known harmful apps on the device.
If malware is a particular concern
for your app or your users' data, you can check this verdict
and ask your users to turn on Play Protect
or remove harmful apps before proceeding.
The third feature is recent device activity.
This tells you how many integrity requests your app
has made on that specific device in the last hour.
This is useful to detect anomalously high requests.
That could be a sign of attack.
First, you should check the data to see
what the typical device-activity levels for your app
are across all of your devices.
Then you can decide how your app should respond when a device is
making too many requests.
If the activity is a little high,
you might want to ask the user to try again later.
If the activity is very high, you
might want to take stronger enforcement action.
You can opt in to all three new features
in both standard and classic Integrity API requests.
Standard API requests, launched last year,
are the low-latency option for integrity verdicts.
They're suitable for the majority of apps and games,
and you can make them on demand at important moments
in your app.
After you start making requests, you
can visit the revamped Integrity API report in the Play Console
to break down your responses and check for any anomalies.
You can use the report to understand your install base
better before you decide what actions and enforcements you're
going to take next.
In addition to the Play Integrity
API, which is available to all Android developers,
select Google Play partners also have access
to automatic integrity protection in the Google Play
console.
When you turn on automatic protection,
Google Play will automatically add and install
a check to your app and the strongest version of Google
Play's anti-tamper protection.
This protects your app without any developer work required
and without any backend server integration needed.
DOM ELLIOTT: OK, now it's Sabs's turn
to talk about what's new in Android 15.
Sabs, over to you.
SABS: Thanks, Dom.
I'm excited about those changes coming to Play Integrity API.
Hi, everyone.
I'm Sabs and I'm part of the Android Security Team.
Today I'm going to talk with you about some important platform
security updates for Android 15 and what you need
to do to keep your apps secure.
I will walk you through three key areas with changes--
TargetSdk, Safer Intents, and background-activity launching.
Let's begin with an update on the TargetSdk version.
Following up on Android 14's improvements,
Android 15 prevents apps with TargetSdk version lower than 24
from being installed.
Requiring apps to meet this minimum target
API improves security and privacy for users
by encouraging apps to apply the latest security patches, privacy
controls, and development practices,
while discouraging the use of outdated and potentially risky
components.
On devices upgrading to Android 15, any apps with TargetSdk
version lower than 24 will remain installed.
Developers should expect similar bumps
in future Android versions.
Next, let's take a look at what our teams are
doing to make intents safer.
Intents are the messaging glue that connect activities
between different apps.
They signal when your app intends to perform some action
or communicate with some other component.
Intents are powerful tools for communicating
between app processes.
However, improper handling of intents
can create vulnerabilities that a malicious actor could exploit.
In Android 15, we have added tools
to help developers identify when their apps' intents are
mismatching other apps' intent filters.
The key takeaway here is that if you
are sending explicit intents, make
sure they satisfy the target component intent-filter.
Why?
Well, here's a vulnerability pattern
that we have seen in practice.
Let's say we have a Package, com.victim,
and inside the manifest file we define two broadcast receivers.
First, there is an internal receiver, which is not exported,
and then there's an external receiver, which is exported.
Each receiver handles its own internal interaction.
The internal one handles sensitive items,
and the external one handles things that are public.
To receive those intents, we define
the centralized intent-handler object within the main activity.
With this object, we define two intent actions.
The private action will send data
to an internal receiver within the app,
and the public action sends data to another app's
external receiver.
Now, an attacker could simply define an intent action
as the internal one and point to the external component.
This switch causes the internal receiver to be called.
The attacker has successfully called internal action even
though it was not exported.
To help developers guard against this kind of attack,
we're adding some protections for Android 15.
When developers enable the Strict Mode,
they will be able to see the mismatching
as a violation in Logcat, suggesting they
should update their intents.
To offer app compatibility and ease adoption,
Strict Mode is not mandatory.
In fact, your app must target Android 15 in order
to use the Strict Mode.
In Android 15, sending NULL action intents will
no longer match any intent-filter.
For this other change, here's another vulnerable pattern.
On the left, we have a broadcast receiver named MyReceiver.
This receiver is exported and has no action.
On the right, we have to create a NULL intent [? adjacent ?]
in it, and the broadcast receiver
will still receive the intent.
A lot of broadcast receivers in real-world apps
do not expect the intent action to be nullable
and will actually crash with a NULL pointer exception
when receiving these kinds of intents.
Here's what's coming in Android 15 to help developers.
We will update the match method of the IntentFilter class
so that when an intent sends a NULL action,
the system converts it to a NO_MATCH_ACTION.
And it will be available as part of Strict Mode.
Before moving to the next topic, let's
review best practices for using pending intents.
For the Safer Intents update, the creator of the PendingIntent
is treated as the sender of the closing intent,
not as the sender of the PendingIntent.
Handle PendingIntents carefully in your app,
make sure who is the creator and the sender of the PendingIntent.
Now, let's look at what's coming for Android 15
in background activity launches.
Background activities are processes
within an app that run even when the app is indirectly
in the foreground.
This means they aren't immediately visible to the user,
but they are still performing essential tasks.
We know that unwanted, malicious background activity
launches are among the most common issues
found by security researchers.
We updated our documentation to include best practices
that help developers mitigate the risks with background
activity launches.
Let's take a look at some of the vulnerable patterns
with background activity launches.
For pop-up ads, a background app starts
on top of the foreground app, limiting the user's interactions
with the device.
This can lead to full denial of service
where the user can't use the device.
Another type of vulnerability is tapjacking
where a background app can partially or fully
cover the foreground app.
A third type of vulnerability is a screen phishing,
where a background app can show a modal dialog or full-screen
activity after the foreground app's dialog or activity is
closed.
This allowed the background app to impersonate the recently used
foreground app.
Here's how we'll further improve background activity launch
security in Android 15.
First, PendingIntent creators will now
block background activity launches by default.
Because the system does not restrict background activity
launches, we have seen cases where
an app will bypass background activity launches by sending
a system-creator PendingIntent.
Second, we're going to update when an activity starts
in the background, and we won't bring
the task stack to the foreground unless the PendingIntent
creator or sender is allowed to launch background activities.
Currently, malicious apps can obtain and trigger
PendingIntents.
This brings the system activity into the malicious app's task stack
and can terminate the system's activity unexpectedly.
Third, we will update how an activity that
matches the top app's user ID can start activities, create
a new task, or bring a task into the foreground.
This prevents the situation where
a malicious app in the foreground
launches a victim's activity on top of it
and then, subsequently, impersonated by launching
one of its own activities.
Finally, we will update how an activity finishes its task.
If the activity is in the foreground,
the user will be returned to whichever activity was last
active.
And if the activity wasn't on top,
the user will go back to the home screen.
This prevents user interaction with a victim app
that was previously launched by a malicious app,
allowing for the stealing of the user's credentials
and other bad behavior.
And that's all we have for the platform security updates.
We hope this helped you protect your users.
Back to you, Tina.
TINA SRISKANDARAJAH: Thank you for taking the time
to learn more about Android's latest privacy and security
features.
Protecting users is a shared responsibility between Android
and app developers.
And we know these features will go a long way
to upholding a safe and trusted user experience.
To recap some of the best practices to keep users safe,
app developers should continue to use
flag_secure to protect app activities that could contain
sensitive content.
Target the latest SDK versions as soon
as possible to apply the latest security enhancements to app
automatically.
Check out all the functionality offered through the Play
Integrity API to protect the security and business
value of your app.
And make sure your intents are being
sent to the right component and your app opts-in to the latest
background activity launch updates
in order to help your app be more secure.
TINA SRISKANDARAJAH: We appreciate your time today.
If you'd like to learn more, please visit the Android
developer's website.
We've included some useful links below.
Thank you again for doing your part to keep Android users safe.
[MUSIC PLAYING]