Google will tell about the problems of popular Android smartphones

Despite the fact that recently it has become even fashionable among smartphone manufacturers to keep their devices up to date by regularly updating them, monthly security patches have always been less use for them than for devices in the Google Pixel line. After all, if the “pixels” work on the basis of pure Android, then they have the same security problems, and in the firmware of third-party manufacturers, which in the process of their design probably make mistakes, these problems are completely different. But Google decided to investigate them too.

Google will be looking into the security issues of third-party smartphones through its Android Partner Vulnerability Initiative. Thus, the company wants to speed up the correction of flaws in the firmware of all devices running Android, and not just the Google Pixel, making it as transparent as possible for users. Previously, Google investigated only the shortcomings of a pure version of Android and did not look further, but now the search giant’s plans include the detection of vulnerabilities outside the stock operating system.

Where do Android vulnerabilities come from?

Despite the fact that Google is not responsible for the vulnerabilities in the firmware of smartphones, which were caused by the use of custom skins and launchers, they “have the potential to have a negative impact on the security state of Android devices and their users.” This is how the company explained the need to launch a new initiative to identify security problems in third-party devices. Simply put, Google is not happy with the fact that Android’s credibility is suffering due to the negligence of manufacturers who are unable to independently detect and fix existing bugs and gaps.

Of course, the Android Partner Vulnerability Initiative program itself is a good thing, given that manufacturers often make mistakes when designing their firmware, and then do not fix them. But so far there are more questions to the initiative than answers:

• Is participation in the program mandatory for manufacturers
• How Google chooses which brand of smartphones to check
• Will manufacturers be able to refuse to have their smartphones checked?
• Are the vulnerabilities Google found mandatory to be fixed?
• Will there be any strict timeline for fixing the vulnerabilities found by Google
• Will the fixes be included in monthly security patches or will they need to be released separately
• Who will have to develop updates with fixes for vulnerabilities
• What to do if manufacturers consider the “vulnerability” found by Google to be a feature of their firmware

Android security updates

At the moment, it is known that Google has checked only some Meizu smartphones and issued a so-called security bulletin on them. This is a list of all the vulnerabilities that were found in the firmware of the tested device. Google publishes exactly the same newsletter every month on its own devices. Another thing is that it pre-fixes all the flaws in the firmware of its devices so that attackers could not use them for their own purposes. And in the case of Meizu, I would not be sure that someone fixed the vulnerabilities found.

Therefore, now Google is faced with the task of forming an effective tool for influencing manufacturers, which should clearly be obliged to fix critical vulnerabilities found by the experts of the search giant. Otherwise, the probability is high that the security bulletin, which will be published by Google, can simply become an excellent guide to action for hackers who start right and left to hack vulnerable devices. But since the search giant has not yet managed to convince vendors to even just adapt ready-made security patches, I think that nothing good will come of the new initiative.