Skip to main content

Android Security Improvement Update: Helping Developers Harden Their Apps, One Thwarted Vulnerability At A Time

By admin

Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy Team

Helping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive. This is why we launched the Application Security Improvement Program five years ago, and why we're still so invested in its success today.

What the Android Security Improvement Program does

When an app is submitted to the Google Play store, we scan it to determine if a variety of vulnerabilities are present. If we find something concerning, we flag it to the developer and then help them to remedy the situation.

Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.

Over its lifetime, the program has helped more than 300,000 developers to fix more than 1,000,000 apps on Google Play. In 2018 alone, the program helped over 30,000 developers fix over 75,000 apps. The downstream effect means that those 75,000 vulnerable apps are not distributed to users with the same security issues present, which we consider a win.

What vulnerabilities are covered

The App Security Improvement program covers a broad range of security issues in Android apps. These can be as specific as security issues in certain versions of popular libraries (ex: CVE-2015-5256) and as broad as unsafe TLS/SSL certificate validation.

We are continuously improving this program's capabilities by improving the existing checks and launching checks for more classes of security vulnerability. In 2018, we deployed warnings for six additional security vulnerability classes including:

  1. SQL Injection
  2. File-based Cross-Site Scripting
  3. Cross-App Scripting
  4. Leaked Third-Party Credentials
  5. Scheme Hijacking
  6. JavaScript Interface Injection

Ensuring that we're continuing to evolve the program as new exploits emerge is a top priority for us. We are continuing to work on this throughout 2019.

Keeping Android users safe is important to Google. We know that app security is often tricky and that developers can make mistakes. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust.

Comments

Post a Comment

Popular posts from this blog

9774 hash passwords

By admin
blake2b-256(jade41) blake2b-256(jade420) blake2b-256(jade429) blake2b-256(jade44) blake2b-256(jade456) blake2b-256(jade4ever69) blake2b-256(jade50) blake2b-256(jade5264) blake2b-256(jade555) blake2b-256(jade5565) blake2b-256(jade69) blake2b-256(Jade69) blake2b-256(jade98) blake2b-256(jadebaby11121) blake2b-256(jadebink) blake2b-256(jadeblue) blake2b-256(jadecape) blake2b-256(jadeck) blake2b-256(jadeclub) blake2b-256(jaded) blake2b-256(jaded1) blake2b-256(jaded2) blake2b-256(jaded69) blake2b-256(jadedbaby) blake2b-256(jadedd) blake2b-256(jadedragonflower) blake2b-256(jadeds) blake2b-256(jadeduck) blake2b-256(jadeee) blake2b-256(jadeeeee) blake2b-256(jadefox) blake2b-256(jadehungder) blake2b-256(jadejade) blake2b-256(jadejord) blake2b-256(jadejs) blake2b-256(jadeland) blake2b-256(jadelilly) blake2b-256(jadelugo) blake2b-256(jadelyn) blake2b-256(jadelynn) blake2b-256(jadelynp) blake2b-256(jaden) blake2b-256(jaden0) blake2b-256(jaden1) blake2b-2...
Post a Comment
Read more

5525 Interesting News

By admin
TikTok Restoring Service for U.S. Users, After Trump Signals He Will Save It The pandemic has changed the shape of global happiness The "Scream" franchise adds another self-referential sequel Millions of Chinese people play guandan. Is that good or bad? A theatre in Jenin offers a different kind of Palestinian resistance Economic data, commodities and markets Covid-19 has shone a light on racial disparities in health Is Syria's drug-dealing dictator coming in from the cold? Female soldiers are changing how armed forces work This Tool Probes Frontier AI Models for Lapses in Intelligence How much cash should be removed from the financial system? Can the voluntary carbon market save the Amazon? File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add This week's cover War in space is no longer science fiction The best Apple deals you can get right now: Save on Apple TV+, AirPods, iPads and more Trump's Agg...
Post a Comment
Read more

The Base Blockchain Airdrop: Hidden Opportunities You Don’t Want to Miss!

By admin
The Base blockchain, supported by Coinbase, is making waves in the crypto space with its surging Total Value Locked (TVL) and potential airdrop opportunities. In this article, we'll dive deep into Base's ecosystem, its key protocols, and strategies for maximizing potential rewards. We'll also explore SynFutures, a standout perpetual protocol, and other exciting opportunities that could set the stage for a lucrative airdrop. Base Blockchain: A Rising Star Current Status Base has climbed to the sixth position among blockchains in terms of TVL, surpassing even Arbitrum, the long-time leader in Ethereum Layer 2 solutions. With $4 billion+ in TVL , Base's rapid growth is drawing attention from the crypto community. Why the Excitement Around a Potential Airdrop? Coinbase Backing: As a leading exchange, Coinbase's involvement ensures credibility and innovation. Changing Regulations: With evolving regulatory clarity, there's renewed optimism for potential rewards lik...
Post a Comment
Read more