App Security Improvement Program

The App Security Improvement program is a service provided to Google Play app developers to improve the security of their apps. The program provides tips and recommendations for building more secure apps and identifies potential security enhancements when your apps are uploaded to Google Play. To date, the program has helped 90,000 developers fix over 275,000 apps on Google Play.

How it works

Before any app is accepted into Google Play, we scan it for safety and security, including potential security issues. We also continuously re-scan the over one million apps on Google Play for additional threats.

If your app is flagged for a potential security issue, we'll notify you immediately to help you quickly address the issue and help keep your users safe. We’ll deliver alerts to you using both email and the Google Play Console, with links to a support page with details about how to improve the app.

Typically, these notifications will include a timeline for delivering the improvement to users as quickly as possible. For some kinds of issues, we may require you to make security improvements in the app before you can publish any more updates to it.

You can confirm that you’ve fully addressed the issue by uploading the new version of your app to the Google Play Console. Be sure to increment the version number of the fixed app. After a few hours, check the Play Console for the security alert; if it’s no longer there, you’re all set.

Example of a security improvement alert for an app in the Play Console.

Get involved

The success of this program rests on our partnership with you—the developers of apps on Google Play—and the security community. We’re all responsible for providing safe, secure apps to our users. For feedback or questions, please reach out to us through the Google Play Developer Help Center. To report potential security issues in apps, please reach out to us at security+asi@android.com.

Campaigns and remediations

Below are the most recent security issues flagged to developers on Google Play. Vulnerability and remediation details are available in each campaign's support page link.

Table 1: Warning campaigns with associated deadline for remediation.

| Campaign | Started | Remediation Deadline | Support Page |
|---|---|---|---|
| Path Traversal | 9/22/2017 | 1/17/2018 | Support page |
| Insecure Hostname Verification | 11/29/2016 | 3/01/2017 | Support page |
| Fragment Injection | 11/29/2016 | 3/01/2017 | Support page |
| Supersonic Ad SDK | 9/28/2016 | 1/26/2017 | Support page |
| Libpng | 6/16/2016 | 9/17/2016 | Support page |
| Libjpeg-turbo | 6/16/2016 | 9/17/2016 | Support page |
| Vpon Ad SDK | 6/16/2016 | 9/17/2016 | Support page |
| Airpush Ad SDK | 3/31/2016 | 7/11/2016 | Support page |
| MoPub Ad SDK | 3/31/2016 | 7/11/2016 | Support page |
| OpenSSL (“logjam” and CVE-2015-3194, CVE-2014-0224) | 3/31/2016 | 7/11/2016 | Support page |
| TrustManager | 2/17/2016 | 5/17/2016 | Support page |
| AdMarvel | 2/8/2016 | 5/17/2016 | Support page |
| Libupnp (CVE-2015-8540) | 2/8/2016 | 5/17/2016 | Support page |
| Apache Cordova (CVE-2015-5256, CVE-2015-1835) | 12/14/2015 | 7/11/2016 | Support page |
| Vitamio Ad SDK | 12/14/2015 | 3/14/2016 | Support page |
| GnuTLS | 10/13/2015 | 1/19/2016 | Support page |
| Webview SSLErrorHandler | 7/17/2015 | 11/25/2016 | Support page |
| Vungle Ad SDK | 6/29/2015 | 11/11/2015 | Support page |
| Apache Cordova (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502) | 6/29/2015 | 8/31/2015 | Support page |

Table 2: Warning-only campaigns (no remediation deadline).

| Campaign | Started | Support Page |
|---|---|---|
| Embedded Foursquare OAuth Token | 9/28/2016 | Support page |
| Embedded Facebook OAuth Token | 9/28/2016 | Support page |
| In-app billing interception | 7/28/2016 | Support page |
| Embedded Google Refresh Token OAuth | 7/28/2016 | Support page |
| Developer URL Leaked Credentials | 6/16/2016 | Support page |
| Embedded Keystore files | 10/2/2014 | |
| Amazon Web Services embedded credentials | 6/12/2014 | |