Interested in learning what's next for the gaming industry? Join gaming executives to discuss emerging parts of the industry this October at GamesBeat Summit Next. Learn more.
Google today offered an update on its Application Security Improvement Program. First launched five years ago, the program has now helped more than 300,000 developers fix more than 1 million apps on Google Play. In 2018 alone, it resulted in over 30,000 developers fixing over 75,000 apps.
Google originally created the Application Security Improvement Program to harden Android apps. The goal was simple: help Android developers build apps without known vulnerabilities, thus improving the overall ecosystem.
Application Security Improvement Program
When an Android app is submitted to the Google Play store, the company scans it for a variety of vulnerabilities. If one is present, Google lets the developer know and helps them fix it. Google doesn’t distribute those apps to Android users until the issues are resolved.
Event
Transform 2022
Join us at the leading event on applied AI for enterprise business and technology decision makers in-person July 19 and virtually from July 20-28.
Google compares the program to a health checkup: “Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.”
More vulnerabilities
By securing Android apps, Google is really beefing up Android security overall. It doesn’t matter if the security vulnerabilities were included accidentally or for nefarious reasons — if Google knows about them, they don’t get through.
The program covers a broad range of issues in Android apps, from vulnerabilities in certain versions of popular libraries to unsafe TLS/SSL certificate validation. And Google continues to expand it. In 2018, the company deployed warnings for six additional security vulnerability classes: SQL injection, file-based cross-site scripting, cross-app scripting, leaked third-party credentials, scheme hijacking, and JavaScript interface injection.
Given the success, Google plans to keep investing in the program. As new exploits emerge, the company will add them to the program’s warning list.
Google has made multiple Android security-related announcements this month alone. The company shared 2018 figures for its bug bounty numbers and Google Play Store app rejections. It also set new Android API level requirements to “improve the security of the app ecosystem.”
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.
