On these pages we often talk about Google's attempts to protect users from malware and from harmful apps in general, and one of them is the App Defense Alliance (ADA).
Announced in 2019 with the stated aim to “block malicious apps before they reach users’ devices”, the alliance was the result of collaboration between Google and other large companies dedicated to cyber security, such as ESET, Lookout and Zimperium, and it uses a combination of machine learning and heuristic analysis.
At the launch, the Mountain View company announced that the new tool would be integrated into Play Protect, the platform that scans new apps installed by the user and notifies them in case of vulnerabilities, in order to analyze all the apps waiting to be uploaded to the Play Store.
But how does it work and what has happened since then? With a post on its official blog, Google goes into detail and explains how this year the App Defense Alliance expanded further:
- welcoming new members (McAfee and Trend Micro)
- including new initiatives in addition to malware detection, such as Malware Mitigation, MASA (Mobile App Security Assessment) and CASA (Cloud App Security Assessment)
- getting a new dedicated landing page on the official site
Let’s see them in detail.
The main objective of the ADA is malware mitigation before an app is published on Google Play, a process that takes place by scanning thousands of apps daily through secure two-way communications between Google and partners.
In essence, the detection systems of Google Play Protect communicate directly with each partner’s scanning engines, generating new app risk information as apps are queued for publication. Partners analyze this dataset and act as a vital extra pair of eyes before an app is published on the Play Store.
Mobile App Security Assessment (MASA)
Launched in beta this year and now widely available, Mobile App Security Assessment (MASA) is a tool that allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS) under the OWASP Mobile Application Security Project.
The mission of the project is to “define the industry standard for mobile application security”, and it has been used by public and private sector organizations as a form of best practice when it comes to mobile application security.
Specifically, developers work with an ADA-approved laboratory to have their apps evaluated against a number of MASVS L1 requirements. Once the procedure is complete, the app validation is listed in the new app validation directory, which gives users one place to view all app validations.
But the most important thing for users is that they will see, on the app's Google Play Store page (in the Data safety section), a badge certifying that the app has passed the security review.
Various Google and third-party apps such as Roblox, Uber and PayPal have already received this badge; validation takes one month on average, including resolution of identified issues.
Cloud App Security Assessment (CASA)
The Cloud App Security Assessment (CASA) focuses on the increasingly critical application server backends used for cloud-to-cloud integrations.
The CASA framework provides multiple levels of assurance:
- Low-risk cloud applications can be evaluated using a self-assessment or an automated scan
- Applications that present a greater risk instead go through a licensed laboratory. These are:
  - apps with a large user base
  - apps that have had a recent security breach
  - apps that process highly sensitive data

The CASA accelerator provides developers with a tool that minimizes the required controls, and it has been mapped to 10 certifications and frameworks, which eliminates redundant tests while reducing the cost of evaluation.