Explore the latest Android security features and their impact on app development in this Google I/O 2018 conference talk. Discover new APIs and best practices for safeguarding app integrity and data privacy. Learn about Android's security strategy, potentially harmful app installations, and exploit pricing. Gain insights from case studies featuring Bigfoot Biomedical, Duo Security, and Google Pay transit. Understand the importance of stronger key protection and the new StrongBox KeyStore type. Compare different KeyStore types and learn how to implement StrongBox when generating keys. Examine various methods for gating on authentication and the benefits of TLS by default for data-in-transit integrity. Explore Key Attestation for device integrity checks and discover how Android is providing users with more control over their data.
Overview
Syllabus
Intro
Android Security Strategy
Installs of potentially harmful apps
Exploit pricing
Bigfoot Biomedical
Duo Security
Launch Partners
Case study: Google Pay transit
Why stronger key protection?
StrongBox: additional KeyStore type
Comparison of KeyStore types
Set StrongBox when generating the key
Comparing ways to gate on auth
TLS by default: integrity of data-in-transit
Key Attestation: to check device integrity
More user control over data
Taught by
Android Developers
