Source |
GoogleSec |
Identifier |
8493536 |
Publication date |
2024-04-29 11:59:47 (seen: 2024-05-04 12:06:53) |
Title |
How we fought bad apps and bad actors in 2023 |
Text |
Posted by Steve Kafka and Khawaja Shams (Android Security and Privacy Team), and Mohet Saxena (Play Trust and Safety)
A safe and trusted Google Play experience is our top priority. We leverage our SAFE (see below) principles to provide the framework to create that experience for both users and developers. Here's what these principles mean in practice:
(S)afeguard our Users. Help them discover quality apps that they can trust.
(A)dvocate for Developer Protection. Build platform safeguards to enable developers to focus on growth.
(F)oster Responsible Innovation. Thoughtfully unlock value for all without compromising on user safety.
(E)volve Platform Defenses. Stay ahead of emerging threats by evolving our policies, tools and technology.
With those principles in mind, we've made recent improvements and introduced new measures to continue to keep Google Play's users safe, even as the threat landscape continues to evolve. In 2023, we prevented 2.28 million policy-violating apps from being published on Google Play¹ in part thanks to our investment in new and improved security features, policy updates, and advanced machine learning and app review processes. We have also strengthened our developer onboarding and review processes, requiring more identity information when developers first establish their Play accounts. Together with investments in our review tooling and processes, we identified bad actors and fraud rings more effectively and banned 333K bad accounts from Play for violations like confirmed malware and repeated severe policy violations.
Additionally, almost 200K app submissions were rejected or remediated to ensure proper use of sensitive permissions such as background location or SMS access. To help safeguard user privacy at scale, we partnered with SDK providers to limit sensitive data access and sharing, enhancing the privacy posture for over 31 SDKs impacting 790K+ apps. We also significantly expanded the Google Play SDK Index, which now covers the SDKs used in almost 6 million apps across the Android ecosystem. This valuable resource helps developers make better SDK choices, boosts app quality and minimizes integration risks.
Protecting the Android Ecosystem
Building on our success with the App Defense Alliance (ADA), we partnered with Microsoft and Meta as steering committee members in the newly restructured ADA under the Joint Development Foundation, part of the Linux Foundation family. The Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks.
Additionally, we announced new Play Store transparency labeling to highlight VPN apps that have completed an independent security review through App Defense Alliance's Mobile App Security Assessment (MASA). When a user searches for VPN apps, they will now see a banner at the top of Google Play that educates them about the “Independent security review” badge in the Data safety section. This helps users see at a glance that a developer has prioritized security and privacy best practices and is committed to user safety.
|
Notes |
★★★
|
Sent |
Yes |
Tags |
Malware
Tool
Threat
Mobile
|