Let’s not beat around the bush – Google is pretty fed up with people believing that the Android ecosystem might not be as secure as it should be.
And it most be particularly galling for those residing in the Googleplex that sometimes these flaws are not present in up-to-date versions of Google’s Pixel smartphone, but in those manufactured by other vendors.
Last week Google revealed it had taken another step to fix the problem, announcing an initiative to “drive remediation and provide transparency to users about issues we have discovered at Google that affect device models shipped by Android partners.”
What does that mean?
It means that Google’s Android Partner Vulnerability Initiative (APVI) will be publicising security issues it finds in third-party Android devices, in the hope that they will be fixed more quickly.
APVI only applies to vulnerabilities in code that isn’t serviced or maintained by Google – flaws in Google’s own code continue to be handled by Google’s Android security bulletins.
AVPI’s bug tracker has already uncovered a number of third-party vulnerabilities, including:
- Weaknesses in the password manager built-in to the Transission web browser pre-installed on many devices.
- Insecure backups on Huawei devices.
- Sideloading vulnerabilities affecting Oppo and Vivo phones.
Google’s plan appears to be to notify vendors before disclosing a flaw, and so far most of the reported flaws appear to have been fixed.
With luck, the threat of having a security vulnerability publicised will encourage more Android smartphone manufacturers to take greater care squashing bugs before they end up in the hands of unsuspecting consumers.