PINDROP BLOG

Social Engineering Protection Comes to Android

Google, as the de facto owner of the Internet, is in a unique position to effect change on the network, and one piece of that equation is the ability to protect users from various threats. That can take a number of forms, and the most recent move from the company is a change to Android that will help defend against social engineering and other kinds of attacks on mobile devices.

The company has added its Safe Browsing protection to the Chrome browser for Android, a feature that’s been available in the desktop version of Chrome for years. Safe Browsing is a feature designed to prevent users from visiting phishing or overtly malicious sites. It relies on Google’s constantly updated database of known-bad URLs and the service shows users warnings about potentially harmful content or fraudulent sites.

Adding the Safe Browsing client to Android devices by default brings that protection to a large swath of users who may use their phones as their main computing devices.

Social engineering—and phishing in particular—requires different protection; we need to keep an up-to-date list of bad sites on the device to make sure we can warn people before they browse into a trap. Providing this protection on a mobile device is much more difficult than on a desktop system, in no small part because we have to make sure that list doesn’t get stale,” a post by Google’s Noé Lutz, Nathan Parker, and Stephan Somogyi says.

One of the challenges of bringing this kind of protection to the phone channel is that users behave differently on mobile devices than they do on desktops. Users are more likely to click on links on mobile devices and it can be more difficult to determine what’s a phishing site or a social engineering attack. Google also faced the challenge of pushing updates for Safe Browsing to mobile devices, some of which have limited network connectivity and processing power.

“We also make sure that we send information about the riskiest sites first: if we can only get a very short update through, as is often the case on lower-speed networks in emerging economies, the update really has to count. We also worked with Google’s compression team to make the little data that we do send as small as possible,” Google’s engineers said.

“Together with the Android Security team, we made the software on the device extra stingy with memory and processor use, and careful about minimizing network traffic.”

Photo from Flickr stream of Danny Sullivan.

Webinar: Call Center Fraud Vectors & Fraudsters Defeated