InfoSecBulletin Cybersecurity for mankind
Since Google bought Android 2005, its sole responsibility has been to provide the best user experience and ensure security for its users.
Google Play Protect was installed on every Android device to ensure every application was secure.
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems
Paraguay 7.4 Million Citizen Records Leaked on Dark Web
High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation
SoftBank: Over 137,000 personal info leaked
Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code
Google stated that they had prevented around 1.43 million policy-violating applications from publishing on the Google Play Store as they have improved their security features and policies.
Google has also stopped several malicious developers and banned more than 173K accounts, preventing $2 billion in fraudulent or abusive transactions.
Google has also partnered with SDK providers to limit sensitive data access and sharing, which can enhance the security posture for a million Google Play apps.
Google has brought in many verification methods for Android app developers like Phone, email, and other verification methods, which will prevent malicious developers from deploying their apps in Google Play Store.
Google stated, “With strengthened Android platform protections and policies, and developer outreach and education, we prevented about 500K submitted apps from unnecessarily accessing sensitive permissions over the past three years.”
Developer Support and Collaboration to Help Keep Apps Safe
Adaption to the Android operating system has expanded the Android developer community, leading to educating newbie Android developers about the tools, knowledge, and support for building a secure and trustworthy application that focuses on the user’s security and privacy.
The App Security Improvements Program was launched by Google in 2022, in which 500K security weaknesses that affected nearly 300K applications were fixed. These fixes have secured about 250B installed devices (300K applications’ install base).
Google Play SDK Index
Google introduced the Google Play SDK index to provide a better understanding to the developers for evaluating the SDK’s reliability for their business requirements.
Along with these improvements, Google has improved ad policies, data transparency, security controls, security tools, and other security and user experience-based things.
In 2022, Google Play Store gave a display badge for any application that has gone through Mobile App Security Assessment (MASA) review, making it the first commercial app store to do this.
In addition, McAfee and Trend Micro have joined with Google to reduce app-based malware and Android user protection.
Google has published a complete analysis report on their security improvements and reports. Security and safety announcements in 2023 are yet to be announced.
