
Google to Label Android VPNs Clearing a Security Audit

 

Google hopes that more prominent badging for independent audits will help Android users find more trustworthy VPN apps.

The ad giant and cloud provider has given independently audited apps in its Play store a more visible display of their security credentials, particularly a banner atop their Google Play page. 

In an announcement, Nataliya Stanetsky of Google's Android Security and Privacy Team said VPN apps are the first to receive this special treatment because they manage a sizable quantity of sensitive data. As a result, miscreants frequently target them for subversion.

"When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the 'Independent security review' badge in the Data Safety Section," explained Stanetsky.

Google and the App Defense Alliance (ADA) expanded their partnership last year to incorporate the Mobile App Security Assessment (MASA), which verifies that Android apps comply with OWASP-defined security standards. The ADA was founded in 2019.

The audit isn't very comprehensive. As the ADA's website states, "MASA is intended to provide more transparency into the app's security architecture, however the limited nature of testing does not guarantee complete safety of the application."

Additionally, MASA does not always verify the safety claims made by app developers, according to the ADA. It is understandable that the alliance doesn't want to be held accountable if it overlooks something and an information-stealing app gets through, but its MASA endorsement is still significant.

Among its many checks, MASA looks for apparent bad practices, such as whether sensitive data is written to application log files and whether the application reuses cryptographic keys for multiple purposes. Even though it's not safe to say that apps are guaranteed to be secure, it's safe to say that you're better off with those that avoid such mistakes. 

If MASA fails, there are backup security measures available in the Android ecosystem. As Google proudly declares, it attempts to defend against PHAs and MUwS (potentially malicious applications and unwanted software, in case your gibberish translator is offline). It accomplishes this by collecting information about malicious apps, using machine learning and other techniques, performing static and dynamic risk analyses, and more.

Google Introduces Badges to Identify Which VPN App has Passed a Security Audit


Google has recently confirmed that it will introduce an Independent Security Review badge to identify Android VPN apps that have undergone an independent security assessment, in response to users' concerns about Android cybersecurity.

The App Defense Alliance was launched last year as a collaboration between Google, ESET, Lookout, and Zimperium in order to tackle the Play Store's malware issues. The Alliance further launched the Mobile Application Security Assessment (MASA) audit. Software developers can use it to get their apps independently verified against a global security standard, which tells customers that the applications they are installing on their phones have been built in accordance with the industry's minimum best practices for mobile security and privacy.

The objective behind the review badge is that if app developers follow this process to mitigate security flaws, it will be more challenging for hackers to compromise users' devices and, as a result, the quality of apps across the ecosystem will improve.

Applications that have received this badge have successfully undergone a MASA audit. To keep the badge, app developers will have to go through an additional independent assessment every year.

Nataliya Stanetsky of the Android Security and Privacy Team states in a Google Security Blog post this week that, “While certification to baseline security standards does not imply that a product is free of vulnerabilities, the badge associated with these validated apps helps users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety.”

Now, when a user turns to the Play Store in search of the best VPN, they will see a banner at the top that leads them to the Data Safety Section, where they can get a better understanding of the new badges. On clicking the ‘learn more’ option, the user will be directed to the App Validation Directory, "a centralized place to view all VPN apps that have been independently security reviewed."

"We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Stanetsky explained.

"VPN providers such as NordVPN, Google One, ExpressVPN, and others have already undergone independent security testing and publicly declared the badge showing their good standing with the MASA program," she added. 

These Security Review badges are an effort by Google to make the Data Safety Section a one-stop shop for information on Play Store cybersecurity procedures. Additionally, you can find information there on the kind of data that apps are gathering about you, why they are collecting it, and whether or not they are sharing it with outside parties.