Google Play Store Introduces 'Independent Security Review' Badge for Apps
4.11.23 | Android | The Hacker News
Google is rolling out an "Independent security review" badge in the Play Store's Data safety section for Android apps that have undergone a Mobile Application Security Assessment (MASA) audit.
"We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Nataliya Stanetsky of the Android Security and Privacy Team said.
MASA allows developers to have their apps independently validated against a global security standard such as the Mobile Application Security Verification Standard (MASVS), thereby providing more transparency and enabling users to make informed choices prior to downloading them.
The efforts are part of Google's broader push to make the Data safety section a one-stop shop that presents a "unified view of app safety," offering details about the kind of data that's being collected, for what purpose, and whether it's being shared with third parties.
Third-party app developers who are interested in participating can reach out directly to one of the six Authorized Labs partners, who will then test the public version of the app available in the Play Store and flag potential security issues for remediation.
"Once the app meets all requirements, the lab sends a Validation Report directly to Google as confirmation, and developers will be eligible to declare the security badge on their data safety form," Google notes.
"On average, the process takes around 2-3 weeks from initial assessment to badge availability."
That said, Google emphasized that the independent security testing process helps users check if a "developer has prioritized security and privacy practices and committed to user safety."
However, it noted that certification to baseline security standards does not imply that a validated app is free of vulnerabilities.