As part of the Android Partner Vulnerability Initiative (APVI) program, Google has begun informing users of security vulnerabilities on non-Pixel devices. It is reported that APVI is designed to solve the major OEM manufacturers’ security issues. As Google’s latest effort to secure its mobile ecosystem, the project could combine the efforts of businesses around the world.
(From: Android Developers Blog)
Google explained that APVI primarily covers issues identified by the company that may affect the security of Android devices or users and comply with ISO/IEC 29147:2018 vulnerability disclosure recommendations for information security technologies.
Among the security vulnerabilities that have been discovered is the disclosure of credentials from popular Web browsers. Although the name of the app is not disclosed, its built-in password manager is likely to reveal site login credentials that users frequently visit because of its large installation base.
Finally, Google says all security issues it finds on non-Pixel smartphones will be posted via the APVI page. The vulnerabilities that have been discovered and fixed have been disclosed and have covered hardware and software and service partners such as MediaTek, Digital Times, Meizu, ZTE, Voice, Vivo, OPPO, Huawei, etc.