If Android applications continue to be the most targeted by attackers because of the software flaws they contain, it won’t be for a lack of effort on Google’s part to help developers make their products more secure.
A case in point is the company’s Google Play App Security Improvement (ASI) program designed to help developers protect their products against common threats.
Since last May alone, the tips and recommendations provided by the service helped some 90,000 developers identify and fix security issues in more than 250,000 Android applications, Android security program manager Rahul Mishra said in a blog update this week.
ASI currently provides guidance for Android developers on 26 new security issues they need to consider before uploading their apps to Google Play. That’s more than double the 11 security issues the company used to watch out for in third-party Android apps as recently as last May.
Google has also set up a new page that consolidates information on all 26 identified security issues in one place. The page contains links directing developers to the appropriate security resources for each issue and contact information for those who need additional support.
Developers can use the page to identify all of the issues in their applications that Google will likely flag as being problematic from a security standpoint when the apps are uploaded to Google Play.
Under the ASI program, Google notifies developers immediately of any security issue that is identified so the problem can be remedied quickly. The alerts are sent directly to the developers via email and posted on their Google Play console along with information on how to address the problem.
Along with the notification, Google also sets a deadline by which developers are expected to address the identified issue if they want their application to be uploaded to Google Play or if they want to make updates to it.
“Developers can use this page as a resource to learn about new issues and keep track of all past issues,” Mishra noted in his blog.
The ASI program is one of several measures that Google has taken in recent years to try and shore up the security of its Android ecosystem. In recent years, the number of vulnerabilities discovered in Android applications has grown exponentially, though few of them have so far been exploited in a major way.
In 2016, Android, with 523 flaws, had more reported vulnerabilities than any other operating system, according to MITRE Corp. The second was Debian Linux with 327. The all-time leader for the most reported vulnerabilities, however, is macOS, which has accumulated over 1,670 flaws in the past several years.
In response to the trend, Google has made several resources available to developers, besides ASI, to help identify and fix problems in their apps. Among them are an application sandbox, several vulnerability testing tools and fuzzers, and security application programming interfaces in Google Play Services.