Websites have used CAPTCHA’s for years now to protect website registrations, application logins, blog comments, online polls and other features from being accessed and spammed by automated bot programs.
Over the years, the programs have employed a variety of ways to distinguish humans from bots including using distorted text, street names, street numbers and other mechanisms.
With the exploding use of mobile devices to access websites and services, Google last week rolled out an API that Android developers can use to incorporate the company’s version of CAPTCHA into their apps.
Google reCAPTCHA is a step up from the original CAPTCHA in that it doesn’t always require users to read distorted text or solve a simple problem. Instead, the technology is designed to use risk analysis models to automatically distinguish between humans and bot programs in a majority of cases. It is only when a reCAPTCHA is unable to distinguish with certainty between a bot and a human that it serves up a CAPTCHA to be solved.
The new Android API is available on Google Play Services and is designed to give app developers a way to easily incorporate these capabilities into their apps.
“With this API, reCAPTCHA can better tell human and bots apart to provide a streamlined user experience on mobile,” said Wei Liu, a product manager at Google on the company’s Android Developers Blog. “It will use our newest Invisible reCAPTCHA technology, which runs risk analysis behind the scene and has enabled millions of human users to pass through with zero click everyday.”
The reCAPTCHA Android API is included with Google’s SafetyNet suite of services for protecting mobile applications. Developers can use the same API to enable both device attestation and user attention in order to mitigate mobile application security risks.
The reCAPTCHA API adds to the diversity of security capabilities that are available on Android, Liu said. Some examples of available protections include device encryption, monthly security patching, and Google’s recently introduced Play Protect, a technology for continuously scanning and monitoring Android devices for potentially harmful applications and malware.
Google has also introduced other security enhancements in Android, including new protections in the way the operating system handles audio and video. Instead of storing different media components altogether in one place, the latest version of Android now stores audio and video components in separate sandboxes so as to minimize the potential impact of breaches.
With Android 7.0 Nougat, Google also introduced a new ‘Always On’ Virtual Private Network capability that is designed to secure the use of Android devices in the workplace. The technology is designed to ensure that corporate data travels from an employee’s work phone to a personally owned device only via a secure tunnel.
Google’s SafetyNet, which the new API is now a part, is a collection of APIs and services for mobile application protection. Developers can use the APIs to enable capabilities in their applications for protecting against a variety of threats including potentially malicious apps, device tampering and bad URLs.