Google says that its Safe Browsing service already protects about 1 billion desktop users from all sorts of online nastiness, be it malware, unsavory software, or social engineering (particularly phishing) sites.
Make that 1 billion plus all its free-range users: Google last Monday (7 December) announced that it’s extending Safe Browsing inoculation to Chrome users on Android.
Google added unwanted software download warnings to its Safe Browsing warnings in August 2014 to give users a heads-up when software was doing something sneaky – like switching your homepage or other browser settings to ones you don’t want, piggybacking on another app’s installation, or collecting or transmitting private information without letting a user know, among other things.
Noé Lutz, Nathan Parker, and Stephan Somogyi, from Google’s Chrome and Safe Browsing teams, said on Google’s online security blog that the Android platform and Google’s Play Store have long had protection against potentially harmful apps.
(Mind you, that protection hasn’t always been foolproof: Nothing like a little Fake Flappy Birds sequel or fake anti-virus app to make that clear.)
At any rate, beyond Google’s attempts to protect Android and the Play Store from harmful apps, “not all dangers to mobile users come from apps,” as Google’s online security team members said.
Social engineering – phishing in particular – requires different protection, they said, and that requires Google to keep an up-to-date list of bad sites on the device to make sure the company can warn people before they browse into a trap.
Keeping that list from getting stale is one of many tricky things about protecting mobile users.
Beyond that complicating factor are the facts that…
mobile data costs money for most users,
mobile data speeds are slower than Wi-Fi in many places, and
connectivity quality can be spotty depending on where a user is.
Every one of those conditions means that “data size matters a lot,” Google said.
To protect precious network bandwidth and battery usage, Google says it thought hard about how to best protect mobile users.
That means factoring in location, for one thing. From the announcement:
Some social engineering attacks only happen in certain parts of the world, so we only send information that protects devices in the geographic regions they’re in.
Google has also paid attention to prioritizing the warnings and squashing them into bite-sized tidbits:
We send information about the riskiest sites first: if we can only get a very short update through, as is often the case on lower-speed networks in emerging economies, the update really has to count. We also worked with Google’s compression team to make the little data that we do send as small as possible.
Google says it also made the software “extra stingy with memory and processor use, and careful about minimizing network traffic.”
All of these details matter to us; we must not waste our users’ data plans, or a single moment of their battery life.
If you’re an Android user, you probably already have the new Safe Browsing mode. It’s part of Google Play Services, starting with version 8.1.
Chrome is the first app to use it, starting with version 46, and Google’s now protecting all Android Chrome users by default.
You can verify that it’s enabled by looking at the Privacy menu under Chrome settings.