Google Tries To Advance IoT Security With Android Things

Someone might finally have found a way to make the Internet of Things (IoT) less of a threat. Google released a developer preview of Android Things, an Android-based platform, and updated Weave to make it easier for companies to produce and maintain IoT products. This could in turn make those connected gadgets--and therefore the internet as a whole--more secure than they have been in the past.

Android Things is meant to help manufacturers create IoT devices the same way they would make an app for a phone. Many companies are familiar with developing for the platform, so expanding tools like the Android Software Development Kit, Google Cloud Platform, and others to the IoT makes sense. The platform could also help Google expand its reach by making other companies rely on its software for many of their internet-connected products.

But the biggest impact Android Things could have on IoT devices involves security. Here's what Google said in its announcement:

Now any Android developer can quickly build a smart device using Android APIs and Google services, while staying highly secure with updates direct from Google. We incorporated the feedback from Project Brillo to include familiar tools such as Android Studio, the Android Software Development Kit (SDK), Google Play Services, and Google Cloud Platform. And in the coming months, we will provide Developer Preview updates to bring you the infrastructure for securely pushing regular OS patches, security fixes, and your own updates, as well as built-in Weave connectivity and more.

Note that security is mentioned a few times. Google wants to make IoT products less reliant on their manufacturers for software updates, and will provide the tools needed to make operating system patches and other security fixes. Companies will no longer have to develop and release their own software whenever a vulnerability is discovered in their products; Google and its security team will do all of the heavy lifting with Android Things.

That's good news. Android Things comes after the world got some more glimpses into how insecure many products can be. IoT devices were used to take down popular websites on the East Coast (and elsewhere) in October. Then in November, critical vulnerabilities were discovered in popular IoT cameras--a problem that repeated itself when backdoors were found in Sony's internet-connected cameras in early December. The IoT market had a bad couple of months.

These issues have led to calls to improve the security of IoT devices. The problem is that many companies drag their feet in responding to problems, lack the infrastructure to push updates to devices that have already been sold, or simply don't care about the security of their products. Making sure these devices are safe for their owners and for the internet at large just isn't a priority for the manufacturers churning them out.

Android Things could fix that. It sounds like Google has learned from the mistake it made with Android, where manufacturers are free to release or not release critical updates as they please, and will use this IoT platform to make sure all of the devices that rely on it are kept up to date. If security becomes more convenient and companies don't have to develop software updates themselves, the IoT could become much safer than it is today.

Google said Android Things is currently available as a developer preview. Qualcomm has already announced support for the platform with its Snapdragon processors, and other companies are likely to follow suit. Google has also updated Weave, a platform that bridges IoT devices and the cloud services on which they rely, to "make it easier for all types of devices to connect to the cloud and interact with services like the Google Assistant."

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • jasonkaler
    "--and therefore the internet as a whole--more secure than they have been in the past"

    I don't think android IoT is much of a player in terms of the internet as a whole.
    Android smartphones yes, but IoT, not so much.
    Reply
  • "Android Things", really?
    Reply
  • RomeoReject
    "I don't think android IoT is much of a player in terms of the internet as a whole.
    Android smartphones yes, but IoT, not so much."

    Hopefully somebody wiser than myself can post, but the big shutdown on the web last month was purportedly done by using a bunch of IoT connected devices, so their logic does seem sound.
    Reply
  • boosted1g
    "I don't think android IoT is much of a player in terms of the internet as a whole.
    Android smartphones yes, but IoT, not so much."

    Seem to be missing the entire point which is to change that by making it more alluring to companies to use Android IoT to both make development easier and to take the responsibility of exploit patching off of the manufacturers shoulders.
    Thus if successfull then Android IoT would have a larger footprint in the internet as a whole.
    Reply
  • jasonkaler
    19008541 said:
    "I don't think android IoT is much of a player in terms of the internet as a whole.
    Android smartphones yes, but IoT, not so much."

    Seem to be missing the entire point which is to change that by making it more alluring to companies to use Android IoT to both make development easier and to take the responsibility of exploit patching off of the manufacturers shoulders.
    Thus if successfull then Android IoT would have a larger footprint in the internet as a whole.

    The single biggest factor in implementing IoT is cost.
    IoT will be increasingly dominated by cheaper chipsets such as the ESP8266. At $1 per unit, it will flood the market 100x more than android ever will.
    Reply