Skip to main content

Android Security Improvement Update: Helping Developers Harden Their Apps, One Thwarted Vulnerability At A Time

By admin

Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy Team

Helping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive. This is why we launched the Application Security Improvement Program five years ago, and why we're still so invested in its success today.

What the Android Security Improvement Program does

When an app is submitted to the Google Play store, we scan it to determine if a variety of vulnerabilities are present. If we find something concerning, we flag it to the developer and then help them to remedy the situation.

Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.

Over its lifetime, the program has helped more than 300,000 developers to fix more than 1,000,000 apps on Google Play. In 2018 alone, the program helped over 30,000 developers fix over 75,000 apps. The downstream effect means that those 75,000 vulnerable apps are not distributed to users with the same security issues present, which we consider a win.

What vulnerabilities are covered

The App Security Improvement program covers a broad range of security issues in Android apps. These can be as specific as security issues in certain versions of popular libraries (ex: CVE-2015-5256) and as broad as unsafe TLS/SSL certificate validation.

We are continuously improving this program's capabilities by improving the existing checks and launching checks for more classes of security vulnerability. In 2018, we deployed warnings for six additional security vulnerability classes including:

  1. SQL Injection
  2. File-based Cross-Site Scripting
  3. Cross-App Scripting
  4. Leaked Third-Party Credentials
  5. Scheme Hijacking
  6. JavaScript Interface Injection

Ensuring that we're continuing to evolve the program as new exploits emerge is a top priority for us. We are continuing to work on this throughout 2019.

Keeping Android users safe is important to Google. We know that app security is often tricky and that developers can make mistakes. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust.

Comments

Post a Comment

Popular posts from this blog

The Base Blockchain Airdrop: Hidden Opportunities You Don’t Want to Miss!

By admin
The Base blockchain, supported by Coinbase, is making waves in the crypto space with its surging Total Value Locked (TVL) and potential airdrop opportunities. In this article, we'll dive deep into Base's ecosystem, its key protocols, and strategies for maximizing potential rewards. We'll also explore SynFutures, a standout perpetual protocol, and other exciting opportunities that could set the stage for a lucrative airdrop. Base Blockchain: A Rising Star Current Status Base has climbed to the sixth position among blockchains in terms of TVL, surpassing even Arbitrum, the long-time leader in Ethereum Layer 2 solutions. With $4 billion+ in TVL , Base's rapid growth is drawing attention from the crypto community. Why the Excitement Around a Potential Airdrop? Coinbase Backing: As a leading exchange, Coinbase's involvement ensures credibility and innovation. Changing Regulations: With evolving regulatory clarity, there's renewed optimism for potential rewards lik...
Post a Comment
Read more

The Dawn of a Global Bitcoin Gold Rush: Why Governments May Soon Join the Race

By admin
Picture a world where governments, not just early adopters and tech enthusiasts, scramble to hold Bitcoin before their geopolitical rivals do. This scenario, once considered science fiction, is becoming increasingly plausible. As major asset managers hint at portfolio exposure, U.S. political leaders signal a shift toward pro-crypto regulation, and states within the U.S. prepare strategic Bitcoin reserves, the stage is set for a massive influx of institutional and governmental participation. Far from the fleeting hype cycles of the past, this is a moment backed by data, historical patterns, and powerful players with trillions of dollars at their disposal. In 2020, Bitcoin's meteoric rise coincided with a similar point in its four-year halving cycle. Fast forward to 2024: conditions now are even more favorable, with unprecedented scarcity in the market and global interests aligning to accelerate adoption. The impatience seen in some corners of the crypto community, worried that Bitc...
Post a Comment
Read more

6 Airdrops You Probably Won — Check Now and Claim Your Rewards!

By admin
6 Airdrops You Probably Won — Check Now and Claim Your Rewards! The world of cryptocurrency is witnessing yet another resurgence of airdrops, with projects rushing to capitalize on the market's bullish momentum. These distributions present a golden opportunity for crypto enthusiasts to claim free tokens, often with significant market valuations. In this guide, we'll break down six exciting airdrops that are currently claimable and provide actionable steps to maximize your rewards. Why Cryptocurrency Airdrops Are a Big Deal Airdrops are not a new phenomenon in the crypto world, but their resurgence in 2024 has been remarkable. Two main factors contribute to their growing popularity: 1. High Market Valuations: Recent examples include: Hype by Hyper Liquid: Market cap peaked at $10 billion. Move by Movement: Touched $2.3 billion. Pengu by Pudgy Penguins: Reached $4.2 billion during its launch. 2. Frenzied Project Launches: Many projects are fast-tracking token releases to rid...
Post a Comment
Read more