In an attempt to provide effective solutions to the security issues affecting Android OEMs, Google has launched the Android Partner Vulnerability Initiative (APVI). The initiative will strive to provide transparency on issues discovered by the company on non-Pixel phones.
In case you’re wondering, the APVI is different from the existing monthly Android Security Bulletins (ASB). ASBs are directly based on the Android Open Source Project (AOSP) code. On the other hand, APVI aims to solve issues impacting device code that Google doesn’t maintain.
“We didn’t have a clear way to process Google-discovered security issues outside of AOSP code that are unique to a much smaller set of specific Android OEMs. The APVI aims to close this gap, adding another layer of security for this targeted set of Android OEMs,” says the company.
According to Google, the APVI is aligned to ISO/IEC 29147:2018 Information technology — Security techniques — Vulnerability disclosure recommendations. The initiative improves protection against permission bypasses, execution of code in the kernel, credential leaks, and generation of unencrypted backups.
In its blog post announcing the APVI, Google mentions a few examples of security issues it has identified. These include apps that bypassed permissions, leaked credentials, or held unnecessary permissions. In all such incidents, Google says it alerted the OEMs and provided guidance to resolve them.
With the APVI in place, we can expect Android OEMs to resolve critical security flaws faster. You can stay updated with new issues disclosed through the APVI on its dedicated page, which already lists a few fixed and new issues across Huawei, Oppo, Vivo, ZTE, and Meizu devices.