Think of it like a physical. If there aren’t any issues, the app runs through our normal tests and proceeds through the process to being published in the Play Store. When there’s a problem, however, we provide a diagnosis and next steps to get back to healthy form.

Helping Android app developers build secure apps, free of known vulnerabilities, means helping the ecosystem flourish. This is why we launched the Application Security Development Program five years ago, and why we are still so invested in its success now.

What the Android Security Improvement Program does

Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy Team

Ensuring that we’re continuing to evolve the program as new loopholes emerge is a priority for us. We are continuing to work on this throughout 2019.

When an app is submitted to the Google Play store, we scan it to determine whether a variety of vulnerabilities are present. When we find something concerning, we flag it to the developer and help them to remedy the situation.

Keeping Android users secure is important to Google. We know developers can make errors and that app security can be tricky. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust.

We are continually improving this program’s capabilities by improving the existing checks and launching new checks. In 2018, we deployed warnings for six additional security vulnerability classes, including:

  1. SQL Injection
  2. File-based Cross-Site Scripting
  3. Cross-App Scripting
  4. Leaked Third-Party Credentials
  5. Scheme Hijacking
  6. JavaScript Interface Injection

Over its lifetime, the program has helped more than 300,000 developers to fix more than 1,000,000 apps. In 2018 alone, the program helped over 30,000 developers fix over 75,000 apps. The effect is that those 75,000 vulnerable apps are not distributed to users with the same security problems present, which we consider a win.

The App Security Development program covers a wide range of security issues in Android apps. These can be as specific as security problems in certain versions of popular libraries (ex: CVE-2015-5256) and as broad as unsafe TLS/SSL certificate validation.