Google will now name and shame Android OEMs with insecure software

Google’s security researchers are expanding the scope of their work, and will now be investigating bugs in the software which ships on the handsets of Android OEMs such as Huawei, ZTE and Samsung.

The new program is called the Android Partner Vulnerability Initiative (APVI), and will have Google’s Android Security & Privacy team investigate and disclose flaws in OEM software.

Advertisements

“The APVI covers Google-discovered issues that could potentially affect the security posture of an Android device or its user and is aligned to ISO/IEC 29147:2018 Information technology — Security techniques — Vulnerability disclosure recommendations,” Google said.

The team has already uncovered and reported a number of vulnerabilities to OEMs, not all of which has been fixed.

The program is in addition to others such as the Android Security Rewards Program (ASR) and the Google Play Security Rewards Program, which contributes to the Android Security Bulletins (ASB), which eventually results in the monthly Android security patch level (SPL).

Advertisements

You can keep an eye on the latest disclosed vulnerabilities at the Chromium bug tracker here.

via XDA-Dev

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.