Google Launches Android Vulnerability Knowledge Base
Written by Alex Denham   
Tuesday, 06 August 2024

Google has launched a knowledge base of Android security vulnerabilities with the aim of helping developers make their Android apps more secure.

The Android Application Security Knowledge Base (AAKB) establishes guidelines for writing secure Android software. It is a repository of common code issues, with remediation examples and explanations for implementing specific code patterns.


Google already scans every app on Google Play for the most common security vulnerability classes, and alerts developers if a problem is detected. If a serious security vulnerability is detected and doesn't get fixed, Google may remove the app from Google Play.

However, the new knowledge base has been put together in recognition of the fact that developers need to know not just what vulnerabilities have been found, but also how to fix them and how to avoid similar issues in the future.

AAKB aims to establish guidelines for writing secure Android software. Details of vulnerabilities and advice on avoiding them are aligned to the OWASP MASVS (Mobile Application Security Verification Standard), the industry standard for mobile app security. Google says content is vetted in partnership with technical peers, such as Microsoft, with the aim of ensuring the content is not biased to one party and represents state-of-the-art standards.

OWASP, the Open Worldwide Application Security Project, is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of IoT, system software and web application security.

The guidance is available through the AAKB homepage, or in Android Studio, which "triggers remediation guidance from lint checks by pointing directly to AAKB articles". Existing security lint checks within Android Studio Giraffe+ have had their descriptions updated to include a link to the relevant AAKB article.

The open-source Android Security lint checks also provide access to Google's most recent guidance and experiments.


More Information

Android Developer Webpage On Mitigating Security Risks

OWASP MASVS 

Last Updated ( Tuesday, 06 August 2024 )