Collaborating to strengthen security across the Internet

We built our Safe Browsing technology to protect web users from malware and phishing attempts by alerting users when they try to visit dangerous websites. Safe Browsing protects more than just Chrome users – to make the Internet safer for everyone, we made this technology free for other companies to use in their browsers, including Apple’s Safari and Mozilla’s Firefox. Today, more than 3 billion devices are protected by Safe Browsing. We also alert website owners when their sites have security flaws and offer free tools to help them quickly fix the problems.

Backing our services with HTTPS encryption ensures you can connect to sites and enter your private information like credit card numbers without anyone intercepting your information. To encourage other websites to adopt this added security, we offer tools and resources to developers. HTTPS encryption is a criteria the Google Search algorithm uses when ranking websites in our search results. It‘s also used for top-level domains like .google or .app that use HSTS preloading, which enforces use of HTTPS on these domains.

We share our security technology whenever we believe it can provide value for others. For example, we make our Google Cloud Security Scanner freely available to developers so they can scan and analyze their web applications for security vulnerabilities in App Engine.

Project Shield is a service that uses our technology to help protect news, human rights, and election sites from distributed denial-of-service (DDoS) attacks. These attacks are attempts to take websites down and prevent voters from accessing vital information by overwhelming them with fake traffic. No matter the size of the website or the size of the attack, Project Shield is always free.

2-Step Verification (or 2SV) adds even more protection to your account by requiring a second verification step to sign in. While any form of 2SV, like SMS text message codes and push notifications, improves the security of your account, highly sophisticated attackers can occasionally circumvent these methods through targeted spear-phishing campaigns. Physical security keys prevent this by requiring you to tap your key to verify that it’s really you attempting to sign in. We consider security keys based on FIDO standards to be the strongest, most phishing-resistant method of 2SV available today.

To make this method of 2SV more accessible and convenient for everyone, we have built the anti-phishing protection of security keys directly into all Android 7.0+ devices — no extra keys to carry around. This means that you can now use your Android phone as a security key to verify your identity when you sign in. Use it to protect your personal Google Account or your G Suite Enterprise Account. We also recommend this technology for users of our Advanced Protection Program—like journalists, activists, business leaders and political campaign teams who are most at risk of targeted online attacks. Learn how to activate your Android's built-in security key.

Even the most security-conscious users can be tricked by phishing scams or other sophisticated and highly targeted attacks. The Advanced Protection Program is Google’s strongest security offering, designed to safeguard the personal Google Accounts of those most at risk of targeted attacks – like policymakers, campaign teams, journalists, activists, business leaders, or anyone else who believes they could be vulnerable to sophisticated digital attacks.

Since 2010 we have published the Transparency Report, which features statistics on things like phishing and malware detection and security initiatives like Safe Browsing. We also share data on the industry’s adoption of encryption for websites and email. We do this not only to share our progress with our users, but also to encourage others to adopt stronger security standards in the interest of a safer Internet for all.

At Google, we pioneered vulnerability reward programs that pay independent researchers to find vulnerabilities in our services. To reward all the cutting-edge external contributions that help us keep our users safe, every year we award millions of dollars in research grants and bug bounties. We currently offer vulnerability rewards for many of our products, including Chrome and Android.

In addition to engaging independent researchers, we also have an internal team of engineers called Project Zero, which tracks down and addresses security flaws in software used across the Internet.

Our researchers collaborate extensively with academia, industry groups, and non-governmental organization (NGOs) partners to advance the state of security, privacy, and anti-abuse research. We are developing transformative solutions to protect users everywhere through active collaboration, and our researchers support ambitious research projects by lending their expertise and providing access to Google resources.

We’ve always been at the forefront of co-creating or adopting the strongest possible sign-in and authentication standards on the web. We collaborate across the industry and share technology by developing centralized web standards. One such partnership with the nonprofit organization FIDO Alliance worked to set and deploy new industry standards for companies to use, ensuring secure account access for their employees.

We provide educational materials, training, and tools to help people around the world learn how to stay safe online. Our outreach team annually reaches more than 100 million people – including educators, students, parents, the elderly, and persons with disabilities – with online safety resources and training.