HomeWinBuzzer NewsGoogle’s App Security Program for Android flagged One Million Apps

Google’s App Security Program for Android flagged One Million Apps

Google’s Application Security Improvement Program for Android’s Google Play has flagged over one million security issues in applications.


is not famed for its security. It's part of the bargain that makes 's mobile platform so appealing to developers. The company hands the OS to OEMs and they can do what they want with it. Beyond the stock Android experience, this makes the platform vulnerable. Google now says some measures it has created to protect the OS are paying off.

One of those measures is the Application Security Improvement Program, which protects the Play Store from malicious apps. Google says it has flagged over one million apps for security issues since the program was announced.

The company also says more than 30,000 developers build fixes for 75,000 apps through 2018. Google explains what the Application Security Improvement Program does:

“Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form,” Google says on its online security blog.

The program protects against a range of security problems, and in 2018 the following mitigations were added:

  • SQL Injection
  • File-based Cross-Site Scripting
  • Cross-App Scripting
  • Leaked Third-Party Credentials
  • Scheme Hijacking
  • JavaScript Interface Injection

Still Issues

Google will continue to “evolve” the program and protect against new threats. The question is whether the program is enough. Yes, it has stopped a vast number of security issues, but there is no doubt many Android apps continue to be loaded with malware.

Of course, other areas of Android are also not covered by the program. Last month, we discussed a full system vulnerability that allows bad actors to attack a device through PNG files.

Remote attackers created PNG files that would execute arbitrary code to give privileged access to bad actors. Getting users to open the PNG file could be as easy as hiding the code behind a cool image, or something seemingly innocent.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News