Google has launched a program to alert users of security vulnerabilities in Android phones manufactured by third-party companies. The security program, Android Partner Vulnerabilities Initiative (APVI), has already made headlines after revealing a major flaw in a popular browser.
According to Google, APVI is an initiative to detect vulnerabilities in an Android device that could compromise its “security posture.” The initiative follows ISO’s guidelines for disclosing security issues and also covers device code maintained by Android Security Bulletin.
All security issues detected are posted on Google’s catalog (via Softpedia), along with tips to prevent falling prey to those vulnerabilities.
Google Reports Vulnerabilities In A Popular Android Browser
Google said in its blog post that the new program had already discovered a major security problem in a widely used browser. Without explicitly naming it, the tech giant hinted that the browser came pre-installed in many devices.
Google noted that the said browser had shortcomings in how it stored credentials in its built-in password manager. It also noted that the password manager, whose interface was exposed to WebView via JavaScript, used a weak encryption algorithm (DES) to store critical information.
Google highlighted the issue’s seriousness by claiming that “a malicious site could have accessed the full contents of the user’s credential store.” The Silicon Valley company has already communicated this security weakness to the browser’s developers. The devs have since sent an ..
Support the originator by clicking the read the rest link below.
