Thursday, April 25, 2024
News

New Google security program makes the best Android phones way more secure

By Android Central
New Google security program makes the best Android phones way more secure

Share

The Android Partner Vulnerability Initiative has been launched to manage security issues that are unique to specific device manufacturers.

android-partner-vulnerability-initiative

What you need to know

  • Google has introduced the Android Partner Vulnerability Initiative.
  • The new program has been designed to provide transparency to users regarding security issues affecting devices from Android partners.
  • A few major security vulnerabilities affecting devices from some OEMs have already been discovered thanks to the new program.

Google today rolled out a new program that has been designed specifically to manage security issues specific to Android OEMs. The new Android Partner Vulnerability Initiative aims will make the best Android phones even more secure by remedying issues that affect device models made by OEMs.

Google has various programs that allow security researchers to report any security vulnerabilities. While vulnerabilities in Android code can be reported via the Android Security Rewards Program (ASR), issues in third-party Android apps can be submitted through the Play Security Rewards Program. Until now, however, there was no way to manage issues affecting only specific Android OEMs.

Google says the Android Partner Vulnerability Initiative is aligned to ISO/IEC 29147:2018 Information technology – security techniques – Vulnerability disclosure recommendations and covers issues impacting device code that it doesn’t service or maintain itself. The APVI has already helped process quite a few security issues, including credential leaks, generation of unencrypted backups, and execution of code in the kernel.

Google found a custom system service in the Android framework in some versions of a third-party pre-installed over-the-air (OTA) update solution, which enabled access to sensitive APIs such as enabling or disabling apps and granting app permissions. The service was found in the code base for many device builds across multiple OEMs. Google has made the OEMs aware of the issue and guided them on how they can remove the affected code. It also found a major security vulnerability in a popular web browser pre-installed on many devices, which could have allowed malicious sites to access the user’s saved passwords.

You can find more information on these issues and future disclosures here.

Get More Pixel 4a

Google Pixel 4a



pixel-4a-render-front.jpg

$349 at Amazon
$350 at Best Buy

  • Google Pixel 4a review
  • Best Pixel 4a cases
  • Best Pixel 4a screen protectors

Table of contents

Read more

More News

The AIVAnet is a collector and classifier of app news articles and online technology news, which works automatically by collecting and collating the RSS feeds from popular sites (IOS news feed,latest tablet news, etc.).
The articles deal with mobile app reviews, especially with android reviews, and IOS. One of the central thematic axes is also the comparisons. You can find articles with tablet reviews, comparisons and mobile OS systems or mobile OS stats.
We also provide some of the most popular app news express, for android and IOS or windows phone. The online technology news that you can find in our pages are just opinions and ideology, allowing you to see how different news agencies present the same news.

AIVAnet is supported by Cloud Services Store

Company

© AIVAnet