Google warns of security holes in other vendors’ Android phones

And it’s going to keep on doing it…


Let’s not beat around the bush – Google is pretty fed up with people believing that the Android ecosystem might not be as secure as it should be.

And it must be particularly galling for those residing in the Googleplex that sometimes these flaws are not present in up-to-date versions of Google’s Pixel smartphone, but in those manufactured by other vendors.

Last week Google revealed it had taken another step to fix the problem, announcing an initiative to “drive remediation and provide transparency to users about issues we have discovered at Google that affect device models shipped by Android partners.”

What does that mean?

It means that Google’s Android Partner Vulnerability Initiative (APVI) will be publicising security issues it finds in third-party Android devices, in the hope that they will be fixed more quickly.


APVI only applies to vulnerabilities in code that isn’t serviced or maintained by Google – flaws in Google’s own code continue to be handled by Google’s Android security bulletins.

APVI’s bug tracker has already uncovered a number of third-party vulnerabilities, including:

  • Weaknesses in the password manager built into the Transsion web browser pre-installed on many devices.
  • Insecure backups on Huawei devices.
  • Sideloading vulnerabilities affecting Oppo and Vivo phones.

Google’s plan appears to be to notify vendors before disclosing a flaw, and so far most of the reported flaws appear to have been fixed.

With luck, the threat of having a security vulnerability publicised will encourage more Android smartphone manufacturers to take greater care squashing bugs before they end up in the hands of unsuspecting consumers.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “Google warns of security holes in other vendors’ Android phones”

  1. Spryte

    And what of Android based Tablets?

  2. Name and Shame MORE

    What of telcos that refuse to release available updates to force users to update their hardware to more recent devices?

    Unless you unlock the vice grip they have on their firmware releases, this problem will vastly overshadow any minor software updates for fixing bugs.

    Start releasing generic versions so users have choices. Force the telcos to unbundle their forced addons, or alternatively have them on a middle plane that doesn't retard updates to the underlying operating system while retaining their often unwelcome bundleware.

    Bundleware and firmware should be unlinked so users can keep their operating system more current.

    Yes, name and shame.
