MobileNews

Google details App Defense Alliance work on Android Malware Mitigation, certifications

Google announced the App Defense Alliance (ADA) three years ago to “stop bad apps before they reach users’ devices,” and today recapped its work in 2022.

Malware Mitigation before an app gets published on Google Play is the ADA’s primary goal:

Through this program, Google Play Protect detection systems directly communicate with each partner’s scanning engines. This generates new app risk intelligence as apps are being queued to publish. Partners analyze this dataset and act as an additional vital set of eyes before an app goes live on the Play store.

Thousands of apps are scanned daily with “secure two-way communication” between Google and third parties. ESET, Lookout, and Zimperium were the initial partners, with McAfee and Trend Micro joining in 2022. 

Another App Defense Alliance initiative that is now widely available after launching in beta this year is the Mobile App Security Assessment (MASA) where developers “have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application Security project.”

The project’s mission is to “Define the industry standard for mobile application security,” and has been used by both public and private sector organizations as a form of industry best practices when it comes to mobile application security. 

This work is done by ADA Authorized Labs with a public, user-facing App Validation Directory that notes the “validation date, test lab, and a report showing all test steps / requirements.” This appears as the “Independent security review” badge on an app’s Data Safety section in the Play Store. Various Google apps have undergone this, while third-party ones include Roblox, Uber, and PayPal.

On average, developers have completed validation within a month and resolved two outstanding issues identified by a security lab.  

Lastly, the Cloud App Security Assessment (CASA) is focused on the server backend of applications:

The CASA framework provides multiple assurance levels in which low-risk cloud applications can be evaluated using either a self assessment or automated scan. For applications which present higher risk (such as a large user base, recent security breach, or processes highly sensitive data), an Authorized Lab may perform an assessment.

More on Google Play:



Author: Abner Li
Source: 9TO5Google

Related posts
AI & RoboticsNews

OpenAI’s Sora is now available for FREE to all users through Microsoft Bing Video Creator on mobile

AI & RoboticsNews

Google quietly launches AI Edge Gallery, letting Android phones run AI without the cloud

AI & RoboticsNews

Enterprise alert: PostgreSQL just became the database you can’t ignore for AI applications

CryptoNews

Justin Sun Takes Center Stage at Bitcoin Vegas 2025 With TRON DAO as Top Sponsor of Code + Country and Co-Host of Kraken’s Oceanic Night

Sign up for our Newsletter and
stay informed!