Android Partner Vulnerability Initiative lists OEM security issues that Google discovered


Every month, Android manufacturers release security patches to protect devices from the latest issues. With the Android Partner Vulnerability Initiative (APVI), Google will now detail problems it has discovered on partner devices.

With this program, the Android Security & Privacy team wants to “drive remediation and provide transparency to users.” There was previously no “clear way to process Google-discovered security issues outside of AOSP code that are unique to a much smaller set of specific Android OEMs.”

These vulnerabilities are in device code that Google is not responsible for, which sets them apart from the issues covered in Android Security Bulletins, but they “could potentially affect the security posture of an Android device or its user.”

In announcing APVI, Google detailed some of the vulnerabilities it has discovered and partners have since addressed:

  • In some versions of a third-party pre-installed over-the-air (OTA) update solution, a custom system service in the Android framework exposed privileged APIs directly to the OTA app. The service ran as the system user and did not require any permissions to access, instead checking for knowledge of a hardcoded password.
  • A popular web browser pre-installed on many devices included a built-in password manager for sites visited by the user. The interface for this feature was exposed to WebView through JavaScript loaded in the context of each web page. A malicious site could have accessed the full contents of the user’s credential store.

In these cases, Google made OEMs aware of the issue and provided guidance on how to address it, or reached out to the app developer.
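
A minimal model of the browser password-manager issue and a scoped alternative, added here as an example and not taken from Google's write-up or the affected browser. The bridge names, the store and its entries are constructed, and the origin is assumed to come from the URL the host app itself committed for the page.

```javascript
// Constructed credential store, keyed by exact web origin.
const store = new Map([
  ["https://bank.example", { user: "alice", password: "constructed-1" }],
  ["https://mail.example", { user: "alice@mail.example", password: "constructed-2" }],
]);

// Weak design, as described in the article: one object is injected into
// every page and hands the whole store to whatever script calls it.
function makeUnscopedBridge() {
  return { getCredentials: () => [...store.values()] };
}

// Origin the host trusts for a page. It is derived from the URL the host
// committed for the top-level document, never from a value the page supplies.
function trustedOrigin(committedUrl) {
  let u;
  try { u = new URL(committedUrl); } catch { return null; }
  if (u.protocol !== "https:") return null; // rejects http:, data:, file:, about:
  return u.origin;                          // scheme + host + port, normalized
}

// Scoped design: one bridge per page load, bound to that page's origin.
function makeScopedBridge(committedUrl) {
  const origin = trustedOrigin(committedUrl);
  return {
    getCredentials() {
      // Exact origin match only: no suffix, prefix or substring comparison.
      const entry = origin === null ? undefined : store.get(origin);
      return entry ? [entry] : [];
    },
  };
}

// Usernames a script on the page would be able to read through a bridge.
function visibleUsers(bridge) {
  return bridge.getCredentials().map((c) => c.user);
}
```

The exact-match lookup is what keeps a lookalike host such as `bank.example.evil.test`, a non-default port, or a plain-HTTP copy of the site from receiving the entry saved for `https://bank.example`.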

The Android Partner Vulnerability Initiative list is available here. It joins the Android Security Rewards Program and the Google Play Security Rewards Program.
