Google today offered an update on its Application Security Improvement Program. First launched five years ago, the program has now helped more than 300,000 developers fix more than 1 million apps on Google Play. In 2018 alone, it resulted in over 30,000 developers fixing over 75,000 apps.
Google originally created the Application Security Improvement Program to harden Android apps. The goal was simple: help Android developers build apps without known vulnerabilities, thus improving the overall ecosystem.
Application Security Improvement Program
When an Android app is submitted to the Google Play store, the company scans it for a variety of vulnerabilities. If one is present, Google lets the developer know and helps them fix it. Google doesn’t distribute those apps to Android users until the issues are resolved.
Google compares the program to a health checkup: “Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.”
By securing Android apps, Google is really beefing up Android security overall. It doesn’t matter if the security vulnerabilities were included accidentally or for nefarious reasons — if Google knows about them, they don’t get through.
Given the success, Google plans to keep investing in the program. As new exploits emerge, the company will add them to the program’s warning list.
Google has made multiple Android security-related announcements this month alone. The company shared 2018 figures for its bug bounty numbers and Google Play Store app rejections. It also set new Android API level requirements to “improve the security of the app ecosystem.”