Google has helped 300,000 Android developers fix security vulnerabilities in over 1 million apps


Google today offered an update on its Application Security Improvement Program. First launched five years ago, the program has now helped more than 300,000 developers fix more than 1 million apps on Google Play. In 2018 alone, it resulted in over 30,000 developers fixing over 75,000 apps.

Google originally created the Application Security Improvement Program to harden Android apps. The goal was simple: help Android developers build apps without known vulnerabilities, thus improving the overall ecosystem.

Application Security Improvement Program

When an Android app is submitted to the Google Play store, the company scans it for a variety of vulnerabilities. If one is present, Google lets the developer know and helps them fix it. Google doesn’t distribute those apps to Android users until the issues are resolved.

Google compares the program to a health checkup: “Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.”

More vulnerabilities

By securing Android apps, Google is really beefing up Android security overall. It doesn’t matter if the security vulnerabilities were included accidentally or for nefarious reasons — if Google knows about them, they don’t get through.

The program covers a broad range of issues in Android apps, from vulnerabilities in certain versions of popular libraries to unsafe TLS/SSL certificate validation. And Google continues to expand it. In 2018, the company deployed warnings for six additional security vulnerability classes: SQL injection, file-based cross-site scripting, cross-app scripting, leaked third-party credentials, scheme hijacking, and JavaScript interface injection.

Given the success, Google plans to keep investing in the program. As new exploits emerge, the company will add them to the program’s warning list.

Google has made multiple Android security-related announcements this month alone. The company shared 2018 figures for its bug bounty numbers and Google Play Store app rejections. It also set new Android API level requirements to “improve the security of the app ecosystem.”


