Google launches new knowledge base for remediating vulnerabilities in Android apps


In an effort to reduce the number of vulnerabilities in Android apps, Google is introducing the Android Application Security Knowledge Base (AAKB). 

The AAKB includes a database of common code issues, complete with examples on how to remediate them and explanations on how to implement specific code patterns. 

Google already does scan Android apps for vulnerabilities, and informs developers so they can remediate the issue or it removes the app if the issue isn’t fixed. 

“We know that it isn’t always enough to just tell you about a vulnerability in your app; you need to know how to fix the issue and how to prevent similar issues from cropping up in the future,” the Android team wrote in a blog post

According to Google, the AAKB is aligned with the OWASP Mobile Application Security Verification Standard (MASVS). It is also vetted by technical experts from different organizations, including Microsoft. 

“This helps ensure the content is not biased to one party and represents state-of-the-art standards. This also provides an educational place for you to proactively remediate security risks in your applications using industry-wide standards, with direct access to knowledge from subject-matter experts,” the Android team wrote. 

The repository can be accessed through the AAKB homepage or in Android Studio, where remediation guidance now shows up in lint checks, with a link to the relevant AAKB article. 


You may also like…

Android’s new Collections feature brings together relevant content from installed apps into one spot

The evolution and future of AI-driven testing: Ensuring quality and addressing bias



Source link