Android Partner Vulnerability Initiative 출시 발표

newsroom 10/4 '20 posted 뉴스 IT

• 악의적인 사이트가 사용자 자격 증명 저장소의 전체 콘텐츠에 액세스했을 수 있습니다.

• Google은 Android 보안 게시판 (ASB)을 통해 Android 오픈 소스 프로젝트 (AOSP) 기반 코드로 ASR 보고서를 출시합니다.

• 많은 장치에 사전 설치된 인기있는 웹 브라우저에는 사용자가 방문한 사이트에 대한 내장 암호 관리자가 포함되어 있습니다.

• APVI는 이미 여러 보안 문제를 처리하여 권한 우회, 커널에서 코드 실행, 자격 증명 유출 및 암호화되지 않은 백업 생성에 대한 사용자 보호를 개선했습니다.

• 타사 사전 설치된 무선 (OTA) 업데이트 솔루션의 일부 버전에서 Android 프레임 워크의 사용자 지정 시스템 서비스는 권한 있는 API를 OTA 앱에 직접 노출했습니다.

• 사용 가능한 작업은 버전에 따라 다르지만 APK 자동 설치 / 제거, 앱 활성화 / 비활성화, 앱 권한 부여와 같은 민감한 API에 대한 액세스는 항상 허용되었습니다.

• 영향을 받는 OEM과 협력하여 이 보안 문제를 알리고 영향을받는 코드를 제거하거나 비활성화하는 방법에 대한 지침을 제공했습니다.

• AVPI (Android Partner Vulnerability Initiative)를 통해 Google은 이제 파트너 기기에서 발견 한 문제를 자세히 설명합니다.

• 이러한 취약성은 Android 보안 게시판과 달리 Google이 책임지지 않는 기기 코드에 있지만 'Android 기기 또는 사용자의 보안 상태에 잠재적으로 영향을 미칠 수 있습니다.

Announcing the launch of the Android Partner Vulnerability Initiative [android-developers.googleblog.com]

Google launches Android Partner Vulnerability Initiative [9to5google.com]

Just a moment... [www.bleepingcomputer.com]

Google launches initiative to improve the security of non-Pixel devices [www.xda-developers.com]

Google is creating a special Android security team to find bugs in sensitive apps [www.zdnet.com]

New Google security program makes the best Android phones way more secure [www.androidcentral.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

10/4 '20 answered

Google also announced the Android Partner Vulnerability Initiative (APVI) right now: https://t.co/wkCfhybYB2

Just an unfortunate timing coincidence. These two aren't related.

The APVI is a security program for Android OEMs (phone vendors)
— Catalin Cimpanu (@campuscodi) October 2, 2020

Google has a new Android Partner Vulnerability Initiative (APVI) to drive remediation about issues discovered at Google that affect device models shipped by Android partners https://t.co/oliKHwoWnw
— Ryan Naraine (@ryanaraine) October 2, 2020

Google has a way to fix security holes in Android phone makers' software. Like a hard-coded firmware update password and a password manager a malicious website could have raided for data. https://t.co/xDtXaWa36C
— Stephen Shankland (@stshank) October 2, 2020

Scoop: Google is putting together a special Android security team tasked with finding bugs in highly sensitive Play Store apps

Android apps that will be on the team's radar include COVID-19 contact tracing apps and election-related appshttps://t.co/ed4FYsRB43 cc: @Techmeme pic.twitter.com/Uzlkr2Ua9q
— Catalin Cimpanu (@campuscodi) October 2, 2020

Android apps that will be on the team's radar include COVID-19 contact tracing apps and election-related apps. Google is creating a special Android security team to find bugs in sensitive ... via @zdnet #infosec #tech #FridayFeeling https://t.co/qeGbVNFNn8
— AJ Durling (@Gurgling_MrD) October 2, 2020

Google is creating a special Android security team to find bugs in sensitive apps https://t.co/sECUDigDLu by @campuscodi
— ZDNet (@ZDNet) October 2, 2020

permanent link

Open Wiki - Feel free to edit it. -

10/4 '20 answered

Announcing the launch of the Android Partner Vulnerability Initiative https://t.co/b4XvzNtWVh #android #google
— Michael Birdy (@michbirdy) October 3, 2020

Google Launches Android Partner Vulnerability Initiative APVI#cybersecurity #informationsecurity #networksecurity #informationtechnology #hacking #security #vulnerability #vaultinfosec #wevowyoursecurity #cyberattack #malware #websecurity #Google #Android https://t.co/V4aBWOsxrh
— Vault Infosec (@vaultinfosec) October 3, 2020

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured