Google has announced the creation of APVI or Android Partner Vulnerability Initiative, an initiative to improve the security of third-party Android phones (that is, other than Google Pixel). Basically, this initiative fills the gaps left by other similar projects like the Android security bulletin.
AVPI is an extra layer of security composed of Android mobile vulnerabilities discovered by Google outside the AOSP code (as these are detailed in the security bulletins). So far, AVPI has a few reported vulnerabilities, of which some have already been corrected.
Security beyond AOSP
Vulnerabilities in Android code are processed in the Android Security Rewards program and vulnerabilities in third-party applications in the Google Play Security Rewards program. Google publishes vulnerabilities of the first type in Android security bulletins and in AOSP.
The problem is that this system only applies to AOSP code, so Google did not have a standardized way of reporting security concerns that only apply to certain manufacturers Android and not all.
This is where AVPI comes in, which in practice is nothing more than a new bug tracker that compiles the security problems found by Google in the layers or applications from different manufacturers. To date, AVPI has a handful of reports that apply to Huawei, OPPO, Vivo, ZTE, Meizu and other mobiles. Several of them have already been corrected.
There will be where Google publishes new security problems and vulnerabilities that they find in mobile phones and third-party applications, always following the vulnerability disclosure recommendations ISO / IEC 29147: 2018. The vulnerabilities that apply to AOSP -and, therefore, to most Android mobiles- will continue to be published, as always, in the android security bulletins.
More information | Google
was originally published in