In a bid to enhance the security and transparency of its ecosystem, Google has taken a significant step by prominently displaying the Independent Security Review badge for VPN apps on the Google Play Store. The move comes as part of Google’s 2023 commitment to bolster the safety of Android and the Play Store. The Independent Security Review badge is designed to mitigate the risk of downloading malicious apps, build consumer trust, and influence purchasing decisions.
A New Layer of Protection for VPN Apps
According to an official blog post by Google, this badge plays a crucial role in ensuring user safety. Developers of VPN apps can now have their applications independently validated against the Mobile App Security Assessment (MASA) standard, which was introduced last year as part of the App Defense Alliance (ADA) initiative. The MASA standard covers various aspects of app security, including data storage, data privacy practices, cryptography, authentication, session management, network communication, platform interaction, and code quality.
Why VPN Apps?
VPN apps have been chosen as the initial focus for the Independent Security Review badge due to their involvement in handling sensitive user data. Google believes that this designation will enhance user privacy and security when using these apps. The badge is represented as a shield with a star icon and can be found in the Data Safety section of the Play Store.
Several prominent VPN providers have already undergone the Independent Security Review and received the coveted badge, including Google One, ExpressVPN, and NordVPN. In total, eight providers have embraced the initiative, setting an example for others in the industry. Google is encouraging additional VPN providers to undertake independent security testing, further reinforcing transparency for users.
ALSO READ: Google Play Store Auto Archive: Free Up Storage and Keep Your Phone Organized
The Independent Security Review Process
The Independent Security Review program requires VPN vendors to perform the MASA security audit through an approved cybersecurity partner. This audit involves examining source code server configurations and identifying potential vulnerabilities. Google aims to ensure that these apps adhere to strict security standards, promoting user trust and safety.
Notable VPN apps that have obtained a valid MASA certificate but are yet to receive the Independent Security Review badge include Aloha Browser + Private VPN, Private Internet Access VPN, SkyVPN – Fast Secure VPN, Tomato VPN, and vpnify – Unlimited VPN Proxy. Detailed information about their MASA assessments can be found in a dedicated directory, highlighting their commitment to transparency.
Google expects that more VPN apps will join this initiative in the near future, further solidifying the ecosystem’s security. To foster this transparency, Google encourages VPN developers and publishers to participate in the Independent Security Review program by submitting their applications for review through a provided form.
We encourage and anticipate additional VPN app developers to undergo independent security testing, bringing even more transparency to users. If you are a VPN developer and interested in learning more about this feature, please submit this form.
source 9to5google
While VPN apps are the current focus of the Independent Security Review program, Google plans to expand the initiative to include other app categories in the future. However, Google still needs to provide a specific timeline for this expansion.
As Google continues to prioritize user safety and security, the Independent Security Review badge serves as a clear indicator of an app’s commitment to maintaining high-security standards, benefiting both developers and users alike. With this latest development, the Play Store is set to become a safer environment for all its users.