Google's Android Partner Vulnerability Initiative will Help Android OEMs Fix Security Issues

In an attempt to provide constructive solutions to the security problems affecting Android OEMs, Google has launched the Android Partner Vulnerability Initiative (APVI). The initiative will strive to provide transparency on issues discovered past the company on non-Pixel phones.

In instance you're wondering, the APVI is different from the existing monthly Android Security Bulletins (ASB). ASBs are directly based on the Android Open Source Project (AOSP) code. On the other manus, APVI aims to solve issues impacting device code that Google doesn't maintain.

"Nosotros didn't take a clear style to procedure Google-discovered security issues outside of AOSP code that are unique to a much smaller gear up of specific Android OEMs. The APVI aims to close this gap, adding some other layer of security for this targeted set of Android OEMs," says the company.

According to Google, the APVI is aligned to ISO/IEC 29147:2018 It — Security techniques — Vulnerability disclosure recommendations. It improves protection against permissions bypasses, execution of code in the kernel, credential leaks, and generation of unencrypted backups.

In its web log post announcing APVI, Google has mentioned a few examples where the company identified security problems. These security threats include apps that bypassed permissions, leaked credentials, and had unnecessary permissions. In all such incidents, Google says it alerted OEMs and provided guidance to resolve them.

With APVI, nosotros could wait Android OEMs to increase the pace at which they resolve critical security flaws. You tin stay updated with new problems disclosed through APVI from this dedicated page. The page already has a few fixed and new issues across Huawei, Oppo, Vivo, ZTE, and Meizu devices.