Google launched the APVI partnership to inform non-Pixel device users of Android security vulnerabilities.

As part of the Android Partner Vulnerability Initiative (APVI) program, Google has begun informing users of security vulnerabilities on non-Pixel devices. It is reported that APVI is designed to solve the major OEM manufacturers’ security issues. As Google’s latest effort to secure its mobile ecosystem, the project could combine the efforts of businesses around the world.

Google launched the APVI partnership to inform non-Pixel device users of Android security vulnerabilities.

(From: Android Developers Blog)

Google explained that APVI primarily covers issues identified by the company that may affect the security of Android devices or users and comply with ISO/IEC 29147:2018 vulnerability disclosure recommendations for information security technologies.

Among the security vulnerabilities that have been discovered is the disclosure of credentials from popular Web browsers. Although the name of the app is not disclosed, its built-in password manager is likely to reveal site login credentials that users frequently visit because of its large installation base.

Google launched the APVI partnership to inform non-Pixel device users of Android security vulnerabilities.

(From: APVI)

For malicious sites, this feature interface can be used to load JavaScript code in the context of a Web page and pass credential content to WebView. Even with encryption at rest, application developers still need to add an extra set of safeguards against this security risk based on weak algorithms (DES) and known hard-coded keys.

Finally, Google says all security issues it finds on non-Pixel smartphones will be posted via the APVI page. The vulnerabilities that have been discovered and fixed have been disclosed and have covered hardware and software and service partners such as MediaTek, Digital Times, Meizu, ZTE, Voice, Vivo, OPPO, Huawei, etc.