New Password Checkup Feature Coming to Android

Posted by Arvind Kumar Sugumar, Software Engineer, Android Team With the proliferation of digital services in our lives, it’s more importa... | Continue reading


@security.googleblog.com | 5 days ago

Google SEC Blog: Launching OSV – Better vulnerability triage for open source

Posted by Oliver Chang and Kim Lewandowski, Google Security Team We are excited to launch OSV (Open Source Vulnerabilities), our first step... | Continue reading


@security.googleblog.com | 23 days ago

Vulnerability Reward Program: 2020 Year in Review

Posted by Anna Hupa, Senior Strategist, Vulnerability Rewards Team Despite the challenges of this unprecedented year, our vulnerability re... | Continue reading


@security.googleblog.com | 24 days ago

Know, Prevent, Fix: A framework for shifting the discussion around

Posted by Eric Brewer, Rob Pike, Abhishek Arya, Anne Bertucio and Kim Lewandowski  Executive Summary: The security of open source softw... | Continue reading


@security.googleblog.com | 25 days ago

New Year, new password protections in Chrome

Posted by Ali Sarraf, Product Manager, Chrome Passwords help protect our online information, which is why it’s never been more important t... | Continue reading


@security.googleblog.com | 1 month ago

OpenTitan at One Year: The Open Source Journey to Secure Silicon

Posted by Dominic Rizzo, OpenTitan Lead, Google  During the past year, OpenTitan has grown tremendously as an open source project and is on... | Continue reading


@security.googleblog.com | 2 months ago

Fostering research on new web security threats

Posted by Artur Janc and Jan Gora, Information Security Engineers  The web is an ecosystem built on openness and composability. It is an ex... | Continue reading


@security.googleblog.com | 2 months ago

Our open source security key test suite

Posted by  Elie Bursztein, Security and Anti-abuse Research Lead, Jean-Michel Picod, Software Engineer and Fabian Kaczmarczyck, Software Eng... | Continue reading


@security.googleblog.com | 3 months ago

Privacy-preserving features in the Mobile Driving License

Posted by David Zeuthen, Shawn Willden and René Mayrhofer, Android Security and Privacy team In the United States and other countries a D... | Continue reading


@security.googleblog.com | 4 months ago

Privacy-Preserving Smart Input with Gboard

Posted by Yang Lu, Software Engineer, Angana Ghosh, Group Product Manager, and Xu Liu, Director of Engineering, Gboard team Google Keyboar... | Continue reading


@security.googleblog.com | 4 months ago

New Password Protections (and More) in Chrome

Posted by AbdelKarim Mardini, Senior Product Manager, Chrome Passwords are often the first line of defense for our digital lives. Today, w... | Continue reading


@security.googleblog.com | 4 months ago

The Launch of the Android Partner Vulnerability Initiative

Posted by Kylie McRoberts, Program Manager and Alec Guertin, Security Engineer Google’s Android Security & Privacy team has launch... | Continue reading


@security.googleblog.com | 4 months ago

New reward amounts for abuse risk researchers

Posted by Marc Henson, Lead and Program Manager, Trust & Safety; Anna Hupa, Senior Strategist, at Google It has been two years since we offi... | Continue reading


@security.googleblog.com | 6 months ago

Pixel 4a is the first device to go through ioXt at launch

Posted by Eugene Liderman and Xevi Miro Bruix, Android Security and Privacy Team Trust is very important when it comes to the relationshi... | Continue reading


@security.googleblog.com | 6 months ago

Towards native security defenses for the web ecosystem

Posted by Artur Janc and Lukas Weichselbaum, Information Security Engineers With the recent launch of Chrome 83, and the upcoming release ... | Continue reading


@security.googleblog.com | 7 months ago

System Hardening in Android 11

Posted by Android Platform Hardening Team In Android 11 we continue to increase the security of the Android platform. We have moved to s... | Continue reading


@security.googleblog.com | 8 months ago

11 Weeks of Android: Privacy and Security

Posted by Charmaine D'Silva, Product Lead, Android Privacy and Framework, Narayan Kamath, Engineering Lead, Android Privacy and Framework, S... | Continue reading


@security.googleblog.com | 8 months ago

Google Authenticator Now Supports Transfer of 2-Step Verification Codes

Posted by Dongjing He, Software Engineer; Teddy Katz, Software Engineer; Christiaan Brand, Product Manager Today is World Password Day, an... | Continue reading


@security.googleblog.com | 9 months ago

How Google does certificate lifecycle management

Posted by Siddharth Bhai and Ryan Hurst, Product Managers, Google Cloud  Over the last few years, we’ve seen the use of Transport Layer Se... | Continue reading


@security.googleblog.com | 11 months ago

How Google Play Protect kept users safe in 2019

Posted by Rahul Mishra, Program Manager, Android Security and Privacy Team Through 2019, Google Play Protect continued to improve the s... | Continue reading


@security.googleblog.com | 11 months ago

FuzzBench: Fuzzer Benchmarking as a Service

Posted by Jonathan Metzman, Abhishek Arya, Google OSS-Fuzz Team and László Szekeres‎, Google Software Analysis Team We are excited to laun... | Continue reading


@security.googleblog.com | 12 months ago

How we fought bad apps and malicious developers in 2019

Posted by Andrew Ahn, Product Manager, Google Play + Android App Safety [Cross-posted from the Android Developers Blog ] Google Pl... | Continue reading


@security.googleblog.com | 1 year ago

Protecting users from insecure downloads in Google Chrome

Posted by Joe DeBlasio, Chrome security team Today we’re announcing that Chrome will gradually ensure that secure (HTTPS) pages only down... | Continue reading


@security.googleblog.com | 1 year ago

OpenSK: a fully open-source security key implementation

Posted by Elie Bursztein, Security & Anti-abuse Research Lead, and Jean-Michel Picod, Software Engineer, Google  Today, FIDO security... | Continue reading


@security.googleblog.com | 1 year ago

Securing open-source: how Google supports the new Kubernetes bug bounty

Posted by Maya Kaczorowski, Product Manager, Container Security and Aaron Small, Product Manager, GKE On-Prem Security At Google, we ca... | Continue reading


@security.googleblog.com | 1 year ago

Protecting programmatic access to user data with Binary Authorization for Borg

Posted by Daniel Rebolledo Samper and Mark Lodato, Software Engineers, Security & Privacy At Google, the safety of user data is our paramo... | Continue reading


@security.googleblog.com | 1 year ago

Better password protections in Chrome – How it works

Posted by Patrick Nepper, Kiran C. Nair, Vasilii Sukhanov and Varun Khaneja, Chrome Team Today, we announced better password protection... | Continue reading


@security.googleblog.com | 1 year ago

Detecting unsafe path access patterns with PathAuditor

Posted by Marta Ro ż ek, Google Summer Intern 2019, and Stephen R ö ttger, Software Engineer  #!/bin/sh cat /home/user/foo What can go w... | Continue reading


@security.googleblog.com | 1 year ago

80% of Android apps are encrypting their respective network traffic using HTTPS

Posted by Bram Bonné, Senior Software Engineer, Android Platform Security & Chad Brubaker, Staff Software Engineer, Android Platform Secu... | Continue reading


@security.googleblog.com | 1 year ago

Using a built-in FIDO authenticator on latest-generation Chromebooks

Posted by Christiaan Brand, Product Manager, Google Cloud  We previously announced that starting with Chrome 76, most latest-generation... | Continue reading


@security.googleblog.com | 1 year ago

The App Defense Alliance: Bringing the security industry to fight bad apps

Posted by Dave Kleidermacher, VP, Android Security & Privacy Fighting against bad actors in the ecosystem is a top priority for Google, bu... | Continue reading


@security.googleblog.com | 1 year ago

OpenTitan – open sourcing transparent, trustworthy, and secure silicon

Posted by Royal Hansen, Vice President, Google and Dominic Rizzo, OpenTitan Lead, Google Cloud  Security begins with secure infrastructure... | Continue reading


@security.googleblog.com | 1 year ago

Protecting Against Code Reuse in the Linux Kernel with Shadow Call Stack

Posted by Sami Tolvanen, Staff Software Engineer, Android Security & Privacy Team The Linux kernel is responsible for enforcing much of... | Continue reading


@security.googleblog.com | 1 year ago

USB-C Titan Security Keys – Available Tomorrow in the US

Posted by Christiaan Brand, Product Manager, Google Cloud  Securing access to online accounts is critical for safeguarding private, finan... | Continue reading


@security.googleblog.com | 1 year ago

No More Mixed Messages About HTTPS

Posted by Emily Stark and Carlos Joan Rafael Ibarra Lopez, Chrome security team Today we’re announcing that Chrome will gradually start e... | Continue reading


@security.googleblog.com | 1 year ago

Expanding Bug Bounties on Google Play

Posted by Adam Bacchus, Sebastian Porst, and Patrick Mutchler — Android Security & Privacy [Cross-posted from the Android Developers Blo... | Continue reading


@security.googleblog.com | 1 year ago

Protecting Chrome Users in Kazakhstan

Posted by Andrew Whalley, Chrome Security When making secure connections, Chrome trusts certificates that have been locally installed on a... | Continue reading


@security.googleblog.com | 1 year ago

Fido2 can now be used on Android with Chrome

Posted by Dongjing He, Software Engineer and Christiaan Brand, Product Manager  Passwords, combined with Google's automated protections, h... | Continue reading


@security.googleblog.com | 1 year ago

Awarding Google Cloud Vulnerability Research

Posted by Felix Groebert, Information Security Engineering Today, we’re excited to announce a yearly Google Cloud Platform (GCP) VRP Prize... | Continue reading


@security.googleblog.com | 1 year ago

Adopting the Arm Memory Tagging Extension in Android

Posted by Kostya Serebryany, Google Core Systems, and Sudhi Herle, Android Security & Privacy Team As part of our continuous commitment t... | Continue reading


@security.googleblog.com | 1 year ago

Google doubles its maximum reward for security reports. It's now $30K

Posted by Natasha Pabrai and Andrew Whalley, Chrome Security Team Chrome has always been built with security at its core, by a passionate ... | Continue reading


@security.googleblog.com | 1 year ago

Helping organizations do more without collecting more data

Posted by Amanda Walker - Engineering Director, Sarvar Patel - Software Engineer, and Moti Yung - Research Scientist, Private Computing We... | Continue reading


@security.googleblog.com | 1 year ago

New Chrome Protections from Deception

Posted by Emily Schechter, Chrome Product Manager Chrome was built with security in mind from the very beginning. Today we’re launching tw... | Continue reading


@security.googleblog.com | 1 year ago

Use your Android phone’s built-in security key to verify sign-in on iOS devices

Posted by Kaiyu Yan and Christiaan Brand Compromised credentials are one of the most common causes of security breaches. While Google aut... | Continue reading


@security.googleblog.com | 1 year ago

Improving Security and Privacy for Extensions Users

No, Chrome isn’t killing ad blockers -- we’re making them safer Posted by Devlin Cronin, Chrome Extensions Team The Chrome Extensions ec... | Continue reading


@security.googleblog.com | 1 year ago

PHA Family Highlights: Triada

Posted by Lukasz Siewierski, Android Security & Privacy Team We continue our PHA family highlights series with the Triada family, whi... | Continue reading


@security.googleblog.com | 1 year ago

How effective is basic account hygiene at preventing hijacking

Posted by Kurt Thomas and Angelika Moscicki Every day, we protect users from hundreds of thousands of account hijacking attempts. Most at... | Continue reading


@security.googleblog.com | 1 year ago

Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys

Posted by Christiaan Brand, Product Manager, Google Cloud We’ve become aware of an issue that affects the Bluetooth Low Energy (BLE) vers... | Continue reading


@security.googleblog.com | 1 year ago