Six new vulnerabilities added to Google’s Android Security Improvement program

• Google’s Android Security Improvement (ASI) program has helped almost 300,000 developers to fix more than 1,000,000 apps on Google Play to date.
• Google has added six new vulnerabilities to its ASI program including SQL Injection, File-based Cross-Site Scripting, Cross-App Scripting, and more.

Android Security Improvement (ASI) program helps Google Play app developers to enhance the security of the apps by detecting potential security issues in the apps.

How does the ASI program work?

• When an Android app is submitted to the Google Play store, Google’s ASI program scans the app for security issues and detects if any vulnerabilities are present.
• If any vulnerability is detected, ASI will flag it for potential security issue and notifies developers via email and Google Play Console along with details on how to fix the issue.
• The developers can then fix the vulnerability and enhance the application.

By numbers

• Google’s Android Security Improvement (ASI) program has helped almost 300,000 developers to fix more than 1,000,000 apps on Google Play to date.
• In 2018 alone, the ASI program helped nearly 30,000 developers fix over 75,000 apps.

What’s new - The ASI program covers a wide category of security issues and vulnerabilities with almost 24 warning campaigns that come with remediation deadline and 7 warning-only campaigns with no remediation deadline.

In 2018, Google has added six new vulnerabilities,

• SQL Injection
• File-based Cross-Site Scripting
• Cross-App Scripting
• Leaked Third-Party Credentials
• Scheme Hijacking
• JavaScript Interface Injection

The bottom line - In a blog posted on February 28, 2019, Google said that ensuring Android users are safe is a top priority for them.

“We know that app security is often tricky and that developers can make mistakes. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust,” Google said.