Android Security

Presented at VB2016, Oct. 5, 2016, 2 p.m. (90 minutes)

Sebastian Porst and Jason Woloz will guide a Small Talk on behalf of *Google*'s Android Security Team, safeguarding 1.4B devices worldwide. They will present a series of discussion topics that impact users, device manufactures and software developers across the *Android* ecosystem. Their aim is to create a dialogue with the security community with the goal of establishing opportunities for collaborative problem solving. 1. Malware impact has no physical boundaries and can infect devices no matter what region they reside in. Many malware authors operate in regions of the world where international law enforcement cannot easily take action, leaving users without agency or recourse. How might we build a consortium of industry anti-malware response teams (e.g. CERT-like) to take coordinated action to reduce malware's footprint? 2. Application abuse and what is considered to be a potentially harmful application differs based on cultural and regional norms. How might we normalize on a definition of what are considered potentially harmful practices, so we can operate anti-malware campaigns without consideration for borders? 3. *Google Play* is a controlled environment with systematic enforcement across its application inventory. Given the diversity of third-party marketplaces, we need to rely on a variety of tools and processes. How might we ensure that third-party marketplaces are just as safe as *Google Play*? 4. Malware writers are incentivized by a variety of drivers, from monetary gain to vandalism. Are there any anti-patterns we could champion that would disincentive malware authors? 5. There are a lot of really smart security professionals and researchers that could be even more effective if they shared their data amongst one another. How might we encourage data sharing within the *Android* security community? 6. Security researchers often disagree on what constitutes a family of malware. This often generates misunderstandings and press that requires anti-malware teams to verify leads on a constant basis. How might we set a standard for what a malware family is and is not?

Presenters:

  • Jason Woloz - Google
    Jason Woloz In his role as Senior Program Manager of Google's Android Security team, Jason is responsible for ensuring the health and wellness of Android's anti-malware, platform and attack programs, as well as industry outreach and research. Before joining the Android team Jason worked on a variety of cross-functional privacy and security engineering projects across Google. Prior to Google Jason held various leadership roles in security, including Chief Information Security Officer for a global SaaS provider.
  • Sebastian Porst - Google
    Sebastian Porst In his role as Engineering Manager of Google's Android Security team, Sebastian is ultimately responsible for keeping potentially harmful applications out of Google Play and for protecting users who sideload potentially harmful applications. Before becoming the manager of this team, he worked as a reverse engineer and software engineer on the same team, which gave him a lot of exposure to harmful Android applications. In previous jobs, Sebastian worked on Flash and PDF exploit analysis, and developed popular binary code reverse engineering tools.

Links:

Similar Presentations: