Security quotes of the week [LWN.net]

The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams.

— CTS-Labs [PDF] clarifies its report of serious AMD processor flaws

Play Protect's core objective is to shield users from Potentially Harmful Apps, or PHAs. Every day, it automatically reviews more than 50 billion apps, other potential sources of PHAs, and devices themselves and takes action when it finds any.

Play Protect uses a variety of different tactics to keep users and their data safe, but the impact of machine learning is already quite significant: 60.3% of all Potentially Harmful Apps were detected via machine learning, and we expect this to increase in the future.

— Dave Kleidermacher on the Google Security Blog

to post comments

Security quotes of the week

Posted Mar 22, 2018 12:09 UTC (Thu) by jezuch (subscriber, #52988) [Link] (4 responses)

> 50 billion apps

Whoa!

I guess what's missing here is how they count that. The only way I can think of that produces this number is that each Android device does the audit on locally installed apps. Every day.

Security quotes of the week

Posted Mar 22, 2018 13:25 UTC (Thu) by excors (subscriber, #95769) [Link] (3 responses)

It does say "Play Protect automatically checks Android devices for PHAs at least once every day" on "nearly two billion devices", and it doesn't sound implausible that an average device has 25 apps (particularly if it includes preinstalled system apps). So I guess they mean they're doing 50B hash comparisons per day, which doesn't sound so impressive.

The numbers of PHAs actually seem surprisingly low to me - the report says they're only detected on 0.56% of devices, and some of those PHAs aren't very harmful anyway (in the USA "Many of the PHA installations come from popular rooting tools and an app that fakes GPS coordinates to cheat at Pokémon Go").

Security quotes of the week

Posted Mar 23, 2018 20:13 UTC (Fri) by flussence (guest, #85566) [Link] (2 responses)

So it just detects apps that are potentially harmful to Google's bottom line. Makes sense, they'd have to remove 90% of the Play Store if it was coded to act in users' best interests.

Security quotes of the week

Posted Mar 23, 2018 20:55 UTC (Fri) by foom (subscriber, #14868) [Link] (1 responses)

I don't think that's a fair characterization...Here's a list of harmful behaviors it attempts to detect.

Security quotes of the week

Posted Mar 23, 2018 21:14 UTC (Fri) by flussence (guest, #85566) [Link]

Missing from that list (and what the Play Store is infamous for) is counterfeit software used mainly as an AdWords/IAP vector. This is consistent with how they allow their other services (like ContentID and DoubleClick) to be abused to harm users: as long as it's Google-Branded Evil, you can have as much of it as you want.