Google Play Store Enhances Security Badges for Android VPNs, Promoting Trustworthiness
Google Play Store Enhances Security Badges for Android VPNs, Promoting Trustworthiness
Android VPN |
In a bid to provide Android users with more reliable VPN applications, Google has introduced improved security badging and independent audits for app developers within its Play Store. These measures aim to enhance transparency and bolster trust among users, especially for apps that handle sensitive data like VPNs.
Nataliya Stanetsky, from Google's Android Security and Privacy Team, explained that VPN apps have become a prime target for malicious actors due to the valuable data they manage. In response, Google has introduced a new banner feature at the top of Google Play pages for independently audited apps. This banner educates users about the "Independent security review" badge located in the Data Safety Section.
This initiative builds upon Google's partnership with the App Defense Alliance (ADA), which expanded in 2019 to include the Mobile App Security Assessment (MASA). MASA assesses Android apps to ensure compliance with security standards outlined by the Open Web Application Security Project (OWASP).
While MASA is not an exhaustive audit, it aims to provide greater transparency into an app's security architecture. The limited nature of testing does not guarantee complete app safety, but it helps identify common security flaws. MASA checks for practices such as writing sensitive data to application log files and reusing cryptographic keys for multiple purposes.
Developers who submit their apps for MASA evaluation and pass previously received a small badge in the "Data safety" section of their app listings. Google is now taking a more prominent approach by displaying MASA merit for VPN apps in a banner near the top of the store listing, linking to the App Validation Directory. This directory serves as a central repository for all validated VPN apps, currently totaling eight, distinguishing them from less reputable counterparts.
Transparent security labeling has been shown to significantly impact consumer risk perception, build trust, and influence purchasing decisions. Google believes that these principles apply equally to labeling and badging within the Google Play store. While this move is aimed at VPN apps, it demonstrates Google's commitment to enhancing the security and trustworthiness of applications within its ecosystem.