Google initiative warns of Android security flaws in non-Pixel devices

Phones from Huawei, Oppo, and others had vulnerabilities.

Sponsored Links

Jon Fingas
October 3rd, 2020
Huawei P30 and P30 Pro running Android
Cherlynn Low/Engadget

Google already has efforts to improve Android security, such as speeding updates and offering bug bounties, but it’s now ramping things up by disclosing flaws for software it didn’t write. The company has launched an Android Partner Vulnerability Initiative (via XDA-Developers) to manage security flaws it discovers that are specific to third-party Android devices. Google hopes to both “drive remediation” (read: prompt faster patch releases) and warn users about potential problems.

The company added that its initiative had already addressed a number of Android issues. It didn’t mention companies by name in a blog post, but a bug tracker for the program mentioned several manufacturers. Huawei had issues with insecure device backups in 2019, for example. Oppo and Vivo phones had sideloading vulnerabilities. ZTE had weaknesses in its message service and browser autofill. Other affected vendors included Meizu, chip maker MediaTek, Digitime, and Transsion.

Google notified all of the vendors before disclosing the flaws, and most if not all appear to have been fixed.

The move is a reminder to keep your device updated, of course, but it also applies pressure to Android partners — fix your flaws or the public will know that you didn’t. If that works, you’ll hopefully see a stronger emphasis on security across the Android ecosystem, not just from Google itself.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget