콘텐츠로 건너뛰기

자주 방문한 페이지

최근 방문한 페이지

navigation

App Security Improvement Program

The App Security Improvement program is a service provided to Google Play app developers to improve the security of their apps. The program provides tips and recommendations for building more secure apps and identifies potential security enhancements when your apps are uploaded to Google Play. To date, the program has facilitated 90,000 developers to fix over 275,000 apps on Google Play.

How it works

Before any app is accepted into Google Play, we scan it for safety and security, including potential security issues. We also continuously re-scan the over one million apps on Google Play for additional threats.

If your app is flagged for a potential security issue, we'll notify you immediately to help you quickly address the issue and help keep your users safe. We’ll deliver alerts to you using both email and the Google Play Console, with links to a support page with details about how to improve the app.

Typically, these notifications will include a timeline for delivering the improvement to users as quickly as possible. For some kinds of issues, we may require you to make security improvements in the app before you can publish any more updates to it.

You can confirm that you’ve fully addressed the issue by uploading the new version of your app to the Google Play Console. Be sure to increment the version number of the fixed app. After a few hours, check the Play Console for the security alert; if it’s no longer there, you’re all set.

Example of a security improvement alert for an app in the Play Console.

Get involved

The success of this program rests on our partnership with you—the developers of apps on Google Play—and the security community. We’re all responsible for providing safe, secure apps to our users. For feedback or questions, please reach out to us through the Google Play Developer Help Center. To report potential security issues in apps, please reach out to us at security+asi@android.com.

Campaigns and remediations

Below are the most recent security issues flagged to developers on Google Play. Vulnerability and remediation details are available in each campaign's support page link.

Table 1: Warning campaigns with associated deadline for remediation.

Campaign Started Remediation Deadline Support Page
Path Traversal 9/22/2017 1/17/2018 Support page
Insecure Hostname Verification 11/29/2016 3/01/2017 Support page
Fragment Injection 11/29/2016 3/01/2017 Support page
Supersonic Ad SDK 9/28/2016 1/26/2017 Support page
Libpng 6/16/2016 9/17/2016 Support page
Libjpeg-turbo 6/16/2016 9/17/2016 Support page
Vpon Ad SDK 6/16/2016 9/17/2016 Support page
Airpush Ad SDK 3/31/2016 7/11/2016 Support page
MoPub Ad SDK 3/31/2016 7/11/2016 Support page
OpenSSL (“logjam” and CVE-2015-3194, CVE-2014-0224) 3/31/2016 7/11/2016 Support page
TrustManager 2/17/2016 5/17/2016 Support page
AdMarvel 2/8/2016 5/17/2016 Support page
Libupup (CVE-2015-8540) 2/8/2016 5/17/2016 Support page
Apache Cordova (CVE-2015-5256, CVE-2015-1835) 12/14/2015 7/11/2016 Support page
Vitamio Ad SDK 12/14/2015 3/14/2016 Support page
GnuTLS 10/13/2015 1/19/2016 Support page
Webview SSLErrorHandler 7/17/2015 11/25/2016 Support page
Vungle Ad SDK 6/29/2015 11/11/2015 Support page
Apache Cordova (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502) 6/29/2015 8/31/2015 Support page

Table 2: Warning-only campaigns (no remediation deadline).

Campaign Started Support Page
Embedded Foursquare OAuth Token 9/28/2016 Support page
Embedded Facebook OAuth Token 9/28/2016 Support page
In-app billing interception 7/28/2016 Support page
Embedded Google Refresh Token OAuth 7/28/2016 Support page
Developer URL Leaked Credentials 6/16/2016 Support page
Embedded Keystore files 10/2/2014
Amazon Web Services embedded credentials 6/12/2014
이 사이트는 쿠키를 사용하여 사이트별 언어 및 표시 옵션에 대한 환경설정을 저장합니다.

Google Play에서 성공을 거두는 데 도움이 되는 최신 Android 개발자 뉴스 및 도움말을 받아 보세요.

* 필수 입력란

완료되었습니다.

WeChat에서 Google Developers 팔로우하기

이 사이트를 (으)로 탐색할까요?

페이지를 요청했지만 이 사이트의 언어 환경설정은 입니다.

언어 환경설정을 변경하고 이 사이트를 (으)로 탐색할까요? 언어 환경설정을 나중에 변경하려면 각 페이지 하단의 언어 메뉴를 사용하세요.

이 클래스를 사용하려면 API 수준 이상이 필요합니다.

문서에 대해 선택한 API 수준이 이므로 이 문서가 표시되지 않습니다. 왼쪽 탐색 메뉴의 선택기로 문서 API 수준을 변경할 수 있습니다.

앱에 필요한 API 수준 지정에 관한 자세한 내용은 다양한 플랫폼 버전 지원을 참조하세요.

Take a short survey?
Help us improve the Android developer experience. (April 2018 — Developer Survey)