Google has now launched a brand new initiative to assist third-party Android distributors to patch flaws and vulnerabilities quicker. It has launched a brand new Android Partner Vulnerability Initiative which basically helps producers in discovering flaws and fixing them quickly. Separately, Google can also be creating a brand new Android safety crew that can solely be centered on wanting for vulnerabilities in extremely delicate apps on Google Play retailer.
The new Android Partner Vulnerability Initiative (APVI) has been launched by Android Security and Privacy crew to handle safety issues associated with third-party Android distributors. The weblog submit explains that this initiative appears to be like to ‘drive remediation and supply transparency to customers about points found at Google that have an effect on system fashions shipped by Android companions.’
The APVI has already addressed plenty of safety points. It would not checklist vendor companions, however, a bug tracker for the initiative mentions OEMs like Oppo, Huawei, Vivo, ZTE, and Meizu. Chipmaker MediaTek has additionally been listed, together with Digitime and Transsion. Google mentions that many of the vulnerabilities discovered have been fastened by distributors. If something, this initiative will put some onus on Android distributors to take the safety of telephones and different units extra critically and repair points speedily.
Google has additionally revealed a brand new job posting wanting for a ‘Security Engineering Manager’ to assist ‘create and preserve the most secure working setting for Google’s customers and builders‘.
Sebastian Porst, Software Engineering Manager for Google Play Protect instructed ZDNet that Google is wanting to construct a crew that can give attention to extremely delicate apps like COVID-19 contact tracing apps and election-related functions. The job posting explains, “Your team will perform application security assessments against highly sensitive, third party Android apps on Google Play, working to identify vulnerabilities and provide remediation guidance to impacted application developers.”
While Google does have a bug bounty initiative known as the Google Play Security Reward Program (GPSRP) whereby it provides safety researchers cash in change for discovering bugs, however, this program is restricted to apps which have greater than 100 million customers and extremely delicate apps aren’t all the time eligible for GPSRP rewards. This new crew appears to be like to shut this loophole and assist make the Google Play retailer ecosystem just a little safer.