Google will now name and shame Android OEMs with insecure software


Google’s security researchers are expanding the scope of their work, and will now be investigating bugs in the software which ships on the handsets of Android OEMs such as Huawei, ZTE and Samsung.

The new program is called the Android Partner Vulnerability Initiative (APVI), and will have Google’s Android Security & Privacy team investigate and disclose flaws in OEM software.

“The APVI covers Google-discovered issues that could potentially affect the security posture of an Android device or its user and is aligned to ISO/IEC 29147:2018 Information technology — Security techniques — Vulnerability disclosure recommendations,” Google said.

The team has already uncovered and reported a number of vulnerabilities to OEMs, not all of which have been fixed.

The program is in addition to others such as the Android Security Rewards Program (ASR) and the Google Play Security Rewards Program, which contribute to the Android Security Bulletins (ASB), which eventually result in the monthly Android security patch level (SPL).

You can keep an eye on the latest disclosed vulnerabilities at the Chromium bug tracker.

via XDA-Dev
