Google Launches New Program to Quickly Fix OEM Security Issues, Creating Team for Bug Discovery in Sensitive Apps
Google is working on creating a new Android security team that will only be focused on looking for vulnerabilities in highly sensitive apps on Google Play store.
Advertisement
Highlights
- Google‘s new APVI initiative has helped fixed flaws in Vivo phones
- This initiative looks to put some pressure on OEMs as well
- Google is building a team to acutely monitor sensitive apps
APVI essentially helps manufacturers in recognising flaws and fixing them
Google has now introduced a new initiative to help third-party Android vendors patch flaws and vulnerabilities faster. It has introduced a new Android Partner Vulnerability Initiative which essentially helps manufacturers in discovering flaws and fixing them soon. Separately, Google is also creating a new Android security team that will only be focused on looking for vulnerabilities in highly sensitive apps on Google Play store.
The new Android Partner Vulnerability Initiative (APVI) has been launched by Android Security and Privacy team to manage security issued related to third-party Android vendors. The blog post explains that this initiative looks to ‘drive remediation and provide transparency to users about issues discovered at Google that affect device models shipped by Android partners.'
The APVI has already addressed a number of security issues. It doesn't list vendor partners, but a bug tracker for the initiative mentions OEMs like Oppo, Huawei, Vivo, ZTE, and Meizu. Chip maker MediaTek has also been listed, along with Digitime and Transsion. Google mentions that most of the vulnerabilities found have been fixed by vendors. If anything, this initiative will put some onus on Android vendors to take security of phones and other devices more seriously and fix issues speedily.
Google has also published a new job posting looking for a ‘Security Engineering Manager' to help ‘create and maintain the safest operating environment for Google's users and developers'.
Advertisement
Sebastian Porst, Software Engineering Manager for Google Play Protect told ZDNet that Google is looking to build a team that will focus on highly sensitive apps like COVID-19 contact tracing apps and election-related applications. The job posting explains, “Your team will perform application security assessments against highly sensitive, third party Android apps on Google Play, working to identify vulnerabilities and provide remediation guidance to impacted application developers.”
While Google does have a bug bounty initiative called the Google Play Security Reward Program (GPSRP) wherein it offers security researchers money in exchange for finding bugs, but this program is limited to apps that have more than 100 million users and highly sensitive apps aren't always eligible for GPSRP rewards. This new team looks to close this loophole and help make the Google Play store ecosystem a little more secure.
Should the government explain why Chinese apps were banned? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.
Affiliate links may be automatically generated - see our ethics statement for details.
For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.
Further reading:
Google, Android Partner Vulnerability Initiative
Advertisement