The State of Google Security in 2016
Google's corporate mission statement has long included the phrase "Do No Evil," which refers to Google as a company, but it could easily also be extended to the broader Internet as well. Google is working on multiple fronts to make sure "no evil"—be it a hack or malware attack—goes on against its users and the Internet at large.
Last week at the Google I/O conference (read Chris Preimesberger's roundup of I/O 2016 news here), the company made a number of product and services announcements. Integrated with some of those announcements and in stand-alone sessions at the conference was the theme of security.
The upcoming Android N mobile operating system will be getting a number of important new security capabilities. Among them is a new mediaserver library approach that aims to eliminate the risks of the existing Android media server technology. In July 2015, the first Android Stagefright mediaserver library flaws were announced, and ever since, Google has been updating Android incrementally as new media server flaws are discovered by researchers. In the Google Android May 2016 update alone, Google patched seven mediaserver vulnerabilities.
A consequence of the Stagefright mediaserver flaws is that in August of 2015, Google moved to a monthly update cycle for Android. It's a cycle that with Android N will accelerate further thanks to the introduction of automatic patching in a manner similar to how Chromebooks are updated today.
NEWS ANALYSIS: Google is actively working on multiple efforts to make the Internet safer for everyone, as it pushes good password practices and auto-updates.
Stephan Somogyi, product manager of security and privacy at Google, delivered at I/O what he referred to as the "3rd Annual Google Security Update," providing an overall update on security, with "updating" being a key theme.