Google today rolled out a new program that has been designed specifically to manage security issues specific to Android OEMs. The new Android Partner Vulnerability Initiative goals will make the very best Android phones even safer by remedying issues that have an effect on device fashions made by OEMs.
Google has various packages that enable security researchers to report any security vulnerabilities. While vulnerabilities in Android code can be reported via the Android Security Rewards Program (ASR), issues in third-party Android apps can be submitted through the Play Security Rewards Program. Until now, however, there was no way to manage issues affecting only specific Android OEMs.
Google says the Android Partner Vulnerability Initiative is aligned to ISO/IEC 29147:2018 Information technology – security techniques – Vulnerability disclosure suggestions and covers issues impacting device code that it doesn’t service or maintain itself. The APVI has already helped process quite a few safety issues, including credential leaks, generation of unencrypted backups, and execution of code within the kernel.
Google found a custom system service within the Android framework in some variations of a third-party pre-installed over-the-air (OTA) update solution, which enabled access to sensitive APIs similar to enabling or disabling apps and granting app permissions. The service was found within the code base for many devices builds across multiple OEMs. Google has made the OEMs aware of the issue and guided them on how they can remove the affected code. It also discovered a significant security vulnerability in a popular web browser pre-installed on many devices, which might have allowed malicious websites to access the user’s saved passwords.
You can discover more data on these points and future disclosures here.
Also Read: Apple TV Gets YouTube 4K Playback, however still no 60fps or HDR