Google’s App Security Improvement Program has helped catch vulnerabilities in over 1,000,000 apps
Security is a common concern when it comes to smartphones and it has always been especially important for Android. Google has done a lot over the years to change Android’s reputation and improve security. Monthly Android security patches are just one part of the puzzle. Five years ago, the company launched the Application Security Improvement Program. Today, they’re sharing some of the success they’ve had.
First, a little information on the program. When an app is submitted to the Play Store, it gets scanned to detect a variety of vulnerabilities. If something is found, the app gets flagged and the developer is notified (above). Diagnosis is provided to help get the app back in good standing. Over the five-year life of the program, Google has helped over 300,000 developers fix more than 1 million apps. Last year alone, the program helped developers fix over 75,000 apps.
So what types of vulnerabilities is the program trying to catch? The list is always growing as Google continues to monitor and improve the capabilities of the program. In 2018, they added six new vulnerability classes:
- SQL Injection
- File-based Cross-Site Scripting
- Cross-App Scripting
- Leaked Third-Party Credentials
- Scheme Hijacking
Google understands that developers can make mistakes sometimes and they hope to help catch those issues for years to come. Security will continue to be a big talking point as technology evolves. It’s important for users to be able to trust the apps on their phones.