Google has launched a new program to fix Android vulnerabilities that the search giant has discovered in third-party hardware and software, such as Android device manufacturers.
“Google's Android Security Team has launched the Android Partner Security Vulnerability Initiative (APVI) to address security concerns among Android device manufacturers,” said Program Director Kylie MacRoberts.
Security engineer Alec Guertin said: The Android Partner Vulnerability Initiative (APVI) aims to encourage fixes and provide users with transparency about issues discovered by Google that affect devices sold by Android partners.
This plan complements other Google initiatives to identify and solve Android security issues with the help of security researchers, such as: b. Android Security Reward Program and Google Play Store Security Reward Program. .
The issues affecting the Android Open Source Project (AOSP) affect all Android devices and are exposed through the Android Security Reward Program report published in the Monthly Android Security Bulletin (ASB).
However, the vulnerabilities that Google discovered outside of the Android Open Source Project (AOSP) that only affect a small number of Android devices have not been announced through public software.
The Android Partner Vulnerability Initiative (APVI) addresses this issue and improves the overall security of Android devices by notifying users when Google detects a passcode vulnerability for Android devices.
Google said: The Android Partner Vulnerability Initiative (APVI) has fixed many security issues and improved user protection to prevent license breaches, implement kernel code, data leak, and create unencrypted backups.
The issues revealed by Google include security flaws that can lead to permissions bypassing and executing code in the kernel, data leaks and creating unencrypted backups on MediaTek, Meizu, Huawei, Oppo, Vivo and ZTE devices. .
Google has provided several examples of previously found security vulnerabilities on Android devices, including permission coverage issues affecting wireless update tools, and data leakage through a built-in password manager in a browser that requires web and pre-installed apps permissions No elevated permissions .
Google previously announced a Fuzzilli Research Grant to fund researchers' efforts to uncover security issues in the JavaScript engine for web browsers such as Safari (JavaScriptCore), Chrome, Edge (v8), and Firefox (Spidermonkey). .
Google lists Android vulnerabilities within corporate devices |