Google on Friday announced the Android Partner Vulnerability Initiative (APVI), an effort aimed at improving patching of security issues specific to Android OEMs.
Through the new initiative, the tech giant also expects to improve transparency around vulnerabilities that Google’s own researchers identify but that affect device models from the company’s Android partners.
Google already provides security researchers with various programs through which they can report security issues, such as the Android Security Rewards Program (ASR), which is for reporting vulnerabilities in Android code, and the Google Play Security Rewards Program, for reporting bugs in popular third-party Android apps.
ASR reports that have a broad impact on Android-based devices are delivered to the Android Open Source Project (AOSP) base code, as part of the Android Security Bulletins (ASB), and all partners are required to adopt these security changes for their devices in order to be able to declare a specific month’s Android security patch level (SPL).
“But until recently, we didn’t have a clear way to process Google-discovered security issues outside of AOSP code that are unique to a much smaller set of specific Android OEMs. The APVI aims to close this gap, adding another layer of security for this targeted set of Android OEMs,” Google explains.
The APVI covers all issues discovered within Google that could potentially impact the security of an Android device. This includes a variety of security bugs affecting code not maintained by Google, the company says.
The initiative has already kicked off and various types of security issues have been processed, including permission bypass, code execution within the kernel, leak of credentials, and the generation of unencrypted backups.
As part of the program, Google-discovered vulnerabilities will be publicly disclosed on Google’s Chromium portal. Detailed information on issues that have already been disclosed is also found there.
