Google lists Android vulnerabilities within corporate devices

Google lists Android vulnerabilities within corporate devices

Launched a company Google is a new program designed to deal with Android security vulnerabilities being discovered by the search giant in third-party hardware and software, such as those made by manufacturers of Android devices.

“” Program director Kylie MacRoberts said:Kylie McRoberts(: Google’s Android security team launched the Android Partner Vulnerability Initiative)APVI) In order to manage Android device manufacturer’s security issues.

Security engineer Alec Gorten said (Alec Guertin): Designed for Android Partner Vulnerability (APVI) To drive the fix and provide transparency to users about issues Google discovered affecting devices sold through Android partners.

This program is in addition to other Google initiatives surrounding its efforts to discover Android security issues and address them with the help of security researchers, such as Android Security Rewards Program And theGoogle Play Store Security Rewards Program.

The issues that affect the Android Open Source Project (AOSP) affect all Android devices and are exposed through the Android Security Rewards Program reports issued through the monthly Android Security Bulletins (ASB).

However, the vulnerabilities that Google discovered outside of the Android Open Source Project (AOSP), affecting only a small subset of Android devices, were not previously disclosed via a generic program.

The Android Partner Vulnerability Initiative (APVI) fixes this and improves the overall security of Android devices by letting users know when Google finds security errors in the code of an Android device.

And theShe said Google: The Android Partner Vulnerability Initiative (APVI) addressed a number of security issues, improving user protection against permission overrun, kernel code execution, data leakage, and creating unencrypted backups.

Among the problems that Google discovered were vulnerabilities that could lead to bypassing permissions, executing code in the kernel, data leaks, and creating unencrypted backups within MediaTek, Meizu, Huawei, Oppo, Vivo, and ZTE devices.

And theGoogle has provided many examples of security vulnerabilities previously discovered in Android devices, including the permission bypass issue affecting the over-the-air update tool, data leakage via the built-in password manager in a pre-installed web browser, and unnecessary high-privileged permissions to access Applications.

Google also previously announced (Fuzzilli Research Grant), A research grant designed to sponsor researchers’ efforts to discover security issues in JavaScript engines for web browsers, such as (JavaScriptCore) for Safari, (v8) for Chrome or Edge, and (Spidermonkey) for Firefox.


Leave a Reply