How the Google Play App Security Improvement Program is helping devs keep apps safe
The past year has been one where Google’s really started moving security to the forefront of the Android experience. Between the rise of fingerprint scanners on Android devices (and corresponding API support), the publication of high-profile exploits like Stagefright, and the company’s move to deliver monthly security updates for its Nexus lineup, Google’s been tackling the issue of device and data security from all angles. Those efforts extend to keeping apps safe, and Google’s long taken steps to make sure that not only are Play Store apps as trustworthy as can be, but that risks from non-Play-Store app installs can be mitigated whenever possible. This week Google’s taking the time to talk a little about one of the ways it helps developers avoid security missteps, with the Google Play App Security Improvement Program.
Rather than just looking at apps submitted to Google Play for outright malicious code, the GPASIP analyzes apps both at the time of initial submission and periodically throughout their Play Store lifespans, and is able to spot vulnerabilities a dev may not even have been aware of.
For example, if an app is developed using tools or a framework that has since been identified as containing potential security flaws, GPASIP can identify their presence and alert devs that they may want to update their toolset or look for alternatives. In serious cases, Google can stop devs from delivering other app updates until they resolve outstanding security issues.
End users won’t see any of this behind-the-scenes action, and will instead learn about security fixes through app-update notifications, but we’re glad to know it’s happening, all the same.