Google Enhances VPN App Trustworthiness in Android Store

Published about 1 year ago

Google is taking steps to help Android users identify more secure VPN apps through prominent badging that indicates independent audits. These badges will be visible on their Google Play page, according to Nataliya Stanetsky from Google’s Android Security and Privacy Team.

Prioritizing Security for VPN Apps

The decision to give VPN apps this special treatment is due to the vast amounts of sensitive data they handle, making them a popular target for cybercriminals. As users search for VPN apps, they will now see a banner at the top of Google Play that educates them about the ‘Independent security review’ badge in the Data Safety Section.

Google’s Partnership with App Defense Alliance

Last year, Google expanded its partnership with the App Defense Alliance (ADA), launched in 2019, to include the Mobile App Security Assessment (MASA). This initiative aims to ensure Android apps comply with a security standard defined by OWASP. However, the ADA’s website states that the MASA audit is not exhaustive and doesn’t guarantee complete safety of the application.

Still, the MASA endorsement is significant, as it checks for bad practices such as sensitive data written to application log files and the reuse of cryptographic keys for multiple purposes. While it doesn’t guarantee security, apps that avoid these pitfalls are considered safer.

Other Security Measures in Place

Google has other security measures in place to protect against potentially harmful applications and mobile unwanted software. This is achieved through static and dynamic risk analysis, gathering data about malicious apps, and employing machine learning.

Previously, Android developers who submitted their apps for MASA certification received a small badge in the app’s ‘Data safety’ section. Google Play will now feature the MASA merit for VPN apps more prominently, using a banner near the top of the store listing that links to the App Validation Directory.

The Role of Transparent Security Labeling

According to Stanetsky, research shows that transparent security labeling plays a crucial role in consumer risk perception, building trust, and influencing product purchasing decisions. The same principles are believed to apply for labeling and badging in the Google Play store.

Related news