Google is creating a special Android security team to find bugs in sensitive apps


Google is hiring to create a special Android security team that will be tasked with finding vulnerabilities in highly sensitive apps on the Google Play Store.

“As a Security Engineering Manager in Android Security […] Your team will perform application security assessments against highly sensitive, third party Android apps on Google Play, working to identify vulnerabilities and provide remediation guidance to impacted application developers,” reads a new Google job listing posted on Wednesday.

Applications that this new team will focus on include the likes of COVID-19 contact tracing apps and election-related applications, with others to follow, according to Sebastian Porst, Software Engineering Manager for Google Play Protect.

The new team will complement the work independent security researchers are doing through the Google Play Security Reward Program (GPSRP).

The GPSRP is Google’s bug bounty program for Android apps listed on the Play Store. Google takes bug reports from security researchers and pays for the bugs on behalf of the app owners.

However, this program is limited to apps that have more than 100 million users.

Apps that handle sensitive data or perform critical tasks aren’t always eligible for GPSRP rewards and are less likely to be mass-tested by bug hunters.

“Definitely a good move,” Lukáš Štefanko, a mobile malware analyst at Slovak security firm ESET, told ZDNet today when asked to describe Google’s latest effort.

“Finding security issues with serious impact isn’t that easy and requires a lot of time and experience,” Štefanko added.

Having a dedicated team ensures that some of the world’s best security talent and full effort are put into looking at apps that might slip under the radar and end up being exploited with devastating consequences.
