Android's recently released Oreo update packs in plenty of features, including a battery life boost and a notifications rethink. But Oreo's most important improvements will happen behind the scenes, with a host of security updates designed to evolve with ever-expanding digital threats. From halting ransomware to blocking malicious apps and easing Android's longstanding fragmentation woes, Oreo tackles some big problems. For the security developers who work behind the scenes, though, it's just one more step on a journey that never really ends.

With more than two billion monthly active devices, the majority of them not on the latest—or even recent—version, Android presents a popular target for hackers. Stopping them takes more than a yearly release. It takes the kind of longview, holistic effort that Google has employed for years.

"It’s funny how much the world focuses on the launch of a specific product. In the security world that approach doesn’t really work," says Adrian Ludwig, the director of Android Security. "Sometimes a change we made three years ago becomes relevant this year, or a change we’re making now becomes relevant four years from now. It’s iterative, we make changes with every release. Visibility and quick response go hand in hand with the ability to make longer-term changes and bake them into the platform."

Android Security's long view may be an asset, but the group doesn't waste the chance to capitalize on the more tangible benefits of Android's marketshare and Google's reach. Virtually all of the new defense features in Android Oreo stem from or were informed by analysis to spot trends in threat data, Google Play activity, and user behavior.

“There hasn’t been a huge widespread bug that affects every single version of Android recently, but there are still a lot of critical vulnerabilities that are affecting the core Android framework and platform,” says Andrew Blaich, a security researcher who specializes in Android at the mobile security firm Lookout. “But with the Oreo security updates they’re at least minimizing the impact because there is an update mechanism in place. And Google is able to react quicker to a lot of [security incidents] now, which is a good thing.”

Just how much more secure will Oreo make your phone? That depends in part on if and when you'll get the update. But assuming you do, it's quite a haul.

App World

Take Google Play Protect, part of Android Security’s detection and reaction infrastructure, which scans devices for suspicious app activity. With 50 billion apps scanned per day, precision counts.

The app scanning that goes into Play Protect has existed behind the scenes under other names for years, but Android Security surfaced the mechanism for customers this year and has used it to do a new type of visibility research. Android data scientist Megan Ruthven and others have developed techniques for detecting distribution of extremely targeted malware, the type that might be narrowly distributed to high-value marks. So far, Ruthven's research has turned up 3,000 unique samples of malware, each with an average of just 130 users affected. This ability to detect such a faint signal helps protect each individual user, while also allowing Android Security to spot nascent threats early. "Google Play Protect has such a high penetration rate over all Android devices that we are able to find these specific, targeted spywares," Ruthven says.

Android’s scanners don’t catch everything, though, and researchers still regularly find malicious software that has made it past Google’s protections to land in the Play Store. In August alone, third-party analysts discovered hundreds of compromised financial apps, spyware, and even apps that spread malware to build Android botnets and power DDoS attacks.