Google launches the Android Partner Vulnerability Initiative to improve the security of non-Pixel devices
We do more than ever on our smartphones these days, which makes device security incredibly important. With that in mind, Google’s Android Security & Privacy team on Friday announced a new initiative to help improve the security of non-Pixel devices.
Known as the Android Partner Vulnerability Initiative (APVI), the program will let users known when it has discovered security concerns that affect devices shipped by OEMs. “The APVI covers Google-discovered issues that could potentially affect the security posture of an Android device or its user and is aligned to ISO/IEC 29147:2018 Information technology — Security techniques — Vulnerability disclosure recommendations,” Google said.
Google currently has a number of programs that allow developers to report vulnerabilities to Google, including the Android Security Rewards Program (ASR) and the Google Play Security Rewards Program. Google then releases ASR reports in Android Open Source Project (AOSP) based code through Android Security Bulletins (ASB), which must be adopted by OEMs before rolling out the current month’s Android security patch level (SPL). The introduction of APVI adds another security layer.
As part of today’s announcement, Google noted some vulnerabilities it discovered related to pre-installed apps on third-party devices. In one instance, the search giant said a popular web browser pre-installed on many devices could have exposed the credentials of its users, including password information. Google reported the issue to the developer and an update was then rolled out to users.
If you’d like to check on the progress of APVI, you can visit this website, where Google will disclose any security issues it discovers under the program. There, you can already see Google has disclosed issues that affected devices released by OPPO, ZTE, Huawei, and more.