Over its five-year lifetime, the Android Application Security Improvement Program helped over 300,000 developers to fix more than 1,000,000 apps on Google Play, Google says.
The program was launched to help the Android ecosystem thrive by helping developers improve the security of their applications and eliminate vulnerabilities from them.
Through this initiative, Google scans all applications submitted to the official storefront to determine if a variety of vulnerabilities are present. Should any issues emerge, the Internet giant then alerts the developer and helps them address the issues.
This allowed the Internet giant to fix over 1,000,000 apps since the Application Security Improvement Program’s launch. Last year, the program helped over 30,000 developers fix over 75,000 apps, the company says.
“The downstream effect means that those 75,000 vulnerable apps are not distributed to users with the same security issues present, which we consider a win,” Patrick Mutchler and Meghan Kelly, Android Security & Privacy Team, note in a blog post.
The program covers a large variety of problems in Android applications, including vulnerabilities in certain versions of popular libraries, and other issues with broader impact.
The Internet search giant says it also focuses on improving existing checks and expanding them to cover more classes of security vulnerabilities, to ensure the program evolves to cover emerging exploits.
“Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form,” Mutchler and Kelly note.
Source: infosec island