Google Explains How It Protects Android Users From Ransomware

Ransomware became something of a hot topic in 2016. The particularly nasty form of malware uses encryption to lock you out of your devices--or at least make you think you can't access them--and last year it entered the realm of public consciousness faster than Madonna did back in the '80s. Google has taken steps to protect Android devices from ransomware, and the company explained some of those precautions in a new blog post.

This post, much like the Year in Review the company published earlier this month, was written for a wide audience. That accomplishes two things: It helps combat the public perception that Android is a playground for hackers, and it makes you more aware of how companies like Google defend against ransomware. The first achievement is questionable--Android is historically less secure than iOS--but the second is important to note.

First there are the protections themselves. Google listed in its blog post the following improvements made to Android N:

Safety blinders: Apps can no longer see which other apps are active. That means scammy ones can’t see what other apps are doing—and can’t inform their attacks based on activity.Even stronger locks: If you set a lockscreen PIN prior to installing ransomware, ransomware can’t misuse your device’s permissions to change your PIN and lock you out.Whacking clickjacking: “Clickjacking” tricks people into clicking something, often by obscuring permission dialogs behind other windows. You’re now protected from ransomware attacks that use this tactic to sneakily gain control of a device.

Those features complement other safeguards, such as Verify Apps, which Google described as a security system that "analyzes apps before they are installed and then regularly checks more than 400 million devices and 6 billion apps everyday" for potentially malicious software. Android N also features improved sandboxing--which restricts the information apps can access--and defenses borrowed from the Linux kernel.

Android still plays host to malware. That's partly because many Android devices aren't updated with security patches, often due to manufacturers and carriers neglecting to distribute Google's updates to older products, and partly because Android is a pretty attractive target. It's used by more people than is iOS, and it's also used in more devices, from smartphones and tablets to Internet of Things products like refrigerators and coffee makers.

It's important for everyone to understand their preferred device's vulnerabilities and how they're mitigated. Ransomware is a growing threat, and even though it can't be held responsible for what manufacturers and carriers do with Android, it's clear that Google wants to provide a secure foundation upon which those other companies can build. Behind-the scenes fixes are great; easily understood explanations of those features are, too.

Google also provided some information about how to mitigate threats yourself. Most of it should be familiar--don't install shady apps from unknown sources, back up your data so you don't have to worry about losing access to it, etc.--but the bit about how to respond if your Android device is hit with ransomware could help if you're frantically searching (really, Googling) for how to regain access while preserving as much data as possible.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • techy1966
    So I got to ask since Android and Windows get hit with this stuff does IOS as well or do all the scam artist out there use IOS devices only so they leave them Or does Apple try to keep things like that all hush hush I knwo the Mac's are now getting hit with crapware now days but it is rarely ever covered in the open news.
  • qazzi
    @TECH1966 you should read this
  • mrmez
    Macs and IOS still get hit, but much less.

    Many factors include lower user numbers (MacOS specifically), but on the IOS front the 2 main reasons are that Apple locks down installation of software to what you get on the app store only. It's very hard to get nefarious apps through.

    The biggest reason for Android's vulnerability is the fragmentation of OS upgrades that mitigate a lot of risk. For example, when a new IOS comes out, the adoption rates are insane. Within a few months ~80% of Apple users could be on the current OS. With Android, as the article says, software updates are often manufacturer specific. So while Samsung and other big companies might have the new software really soon, there are dozens of others that might never get the updates, despite being quite new. That's pretty damaging to the stats overall.

    This from TechCrunch kind sums it up...
    "Despite this delay to notify users, now more than half the active user base moved to iOS 10. For comparison’s sake, Android 7.0 “Nougat,” which arrived several weeks ahead of iOS 10, is only installed on 0.1 percent of devices."
  • Chettone
    If you own a Mac or iPhone you have been already kidnapped,brainwashed and with no money left. No need to ransomware those users.
  • cats_Paw
    A friend of mine brought me a Laptop with ransomware on it.
    I googled it and wrote in the key that someone who broke that particular ransomware made public.
    not sure how it works but in that case it was easy to eliminate from the PC once I had access to it.
  • mrmez
    19494051 said:
    If you own a Mac or iPhone you have been already kidnapped,brainwashed and with no money left. No need to ransomware those users.,34038.html

    Grab a coke and a smile and STFU.