Google Discloses Measures to Defend Android Against Ransomware

Google offers details on measures it has taken to protect Android mobile devices from ransomware and provides advice about what users can do themselves to mitigate the threat.

Security traps

Ransomware has become a major threat on desktop and notebook systems, but has been somewhat less of a danger on mobile devices.

Even so Google wants Android users to know what the company is doing and what they can do themselves to protect against the ransomware attacks before it becomes a widespread problem.

In a blog, Google’s senior program manager for Android security, Jason Woloz outlined some of the measures Google has implemented in its Android 7.0 Nougat release to protect against ransomware.

One of them is what Woloz described as a "safety blinders" feature that ensures an Android app cannot see what other applications might be active on a user device at the same time.  “That means scammy ones can’t see what other apps are doing—and can’t inform their attacks based on activity,” Woloz said.

Google has also tweaked the lock screen feature on Android 7.0 in to prevent ransomware tools from misusing a user’s permission settings to change their lock screen PIN.

The measure is designed to protect users from being locked out of their device by ransomware. Also available in Nougat is a feature that protects Android users against clickjacking, which is a type of attack where users are tricked into granting apps permissions to do certain things on their devices that they never intended to grant.

Android’s application sandboxing provides an additional layer of security by ensuring that all applications operate completely independently of each other. The technology requires Android apps to mutually consent to sharing data before any sharing can actually take place. The feature limits the ability for a ransomware tool to access sensitive data stored by another app, such as contact list, Woloz pointed out.

While such measures mitigate some of the risks posed by mobile ransomware, there are things that users can do to protect themselves against the threat as well, he noted. For instance, users can minimize the risk of downloading malicious apps on their devices by ensuing they download apps only from Google’s Play store or other trustworthy sources.

Since 2015, only a very tiny 0.00001 percent of all Android app installations from Google Play were ransomware tools compared to about .01 percent of installations from third-party app stores. “That’s less than the odds of getting struck by lightning twice in your lifetime,” Woloz said.

Enabling Android’s Verify Apps feature is another way to spot and stop potentially harmful apps, he said. The feature scans all apps that are downloaded from third-party app stores for malware both before and after the application is downloaded and installed on a device.

Mobile ransomware, like the desktop counterpart, can come in two forms—one that locks people out of their device or one that encrypt all data on the SD card.

Android users that don’t want to pay a ransom if their device gets infected can try booting into the device’s safe mode. This ensures that the device starts-up only with the software and the applications that came with it.  If the boot is successful, they can then try and uninstall the ransomware app and then reboot the device.

“Ransomware on Android is exceedingly rare,” Woloz claimed. “Still, we’ve implemented lots of new protections in Nougat, and we continue to improve on the defenses that have long been in place.” 

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.