Google Play Introduces Extra Security Checks to Boost App Trustworthiness
Google Play has recently introduced a new feature to enhance user trust in apps: a special banner indicating additional security checks. The initiative kicks off with several VPN apps being the first to receive this mark of safety.
Now, when app developers submit their creations to Google Play for an independent security assessment and pass, their apps will be marked accordingly in the store. This move aims to amplify the safety and reliability of the apps offered on Google Play.
This initiative is grounded in last year's launch of the App Defense Alliance (ADA) and the Mobile App Security Assessment (MASA). Through this program, developers have the option to present their apps for independent third-party security evaluations. Participation is voluntary, and developers interested in testing their apps can do so for a fee, which is not specified, by submitting a form.
The security criteria for these evaluations are based on standards set by the Open Web Application Security Project (OWASP), which includes cryptographic requirements. For instance, the use of hardcoded keys is prohibited, and personal data must be transmitted exclusively via TLS encryption.
If apps pass these rigorous checks, they earn a "Independent Security Review" badge under the "Data Security" section in Google Play. While this badge doesn’t guarantee 100% security, it does indicate a developer's commitment to enhancing app safety.
Several VPN apps, including NordVPN and SkyVPN, have already successfully undergone this evaluation. This is particularly crucial for VPN apps, given their role in transmitting sensitive data, such as information from home offices.