Η Google has begun hiring researchers in order to create a team security Android which will be in charge of find vulnerabilities in important or as Google says, "very sensitive" applications on Google Play Store.
"This team will perform security assessments on highly sensitive third-party Android applications on Google Play, trying to detect vulnerabilities and provide recovery instructions to affected application developersGoogle said on Wednesday.
The new security team will mainly deal with the analysis of applications that monitor citizens due COVID-19 and those related to elections. However, according to Sebastian Porst, Software Engineering Manager at Google Play Protect, many other applications will be considered by the panel in the future. security Android.
The researchers in the new team will do this work independently by the researchers involved in Google Play Security Reward Program (GPSRP). GPSRP is Google's bug bounty program for finding vulnerabilities in Android applications in the Play Store. Google receives bug reports from security investigators and pays on behalf of app owners. However, GPSRP is limited to applications with more than 100 million users.
This means that Many applications that handle sensitive data or perform critical tasks are not always included in GPSRP and are less likely to be examined by experts.
According to ZDNET, the creation of a team that will consider major Android applications evaluated positively by its space cyber security. Lukáš ftefanko, mobile malware analyst at security company ESET said of Google's decision: “Definitely a good move".
"Finding security issues with a serious impact is not so easy and requires a lot of time and experience,Tefanko added.
The existence of a task force ensures that some of the best security talents will analyze important applications which otherwise could "slip" and affect millions users (if there is something malicious).