Program peningkatan keamanan aplikasi
Tetap teratur dengan koleksi
Simpan dan kategorikan konten berdasarkan preferensi Anda.
Program Peningkatan Keamanan Aplikasi adalah layanan yang disediakan kepada developer aplikasi Google Play untuk meningkatkan keamanan aplikasi mereka. Program ini memberikan tips dan rekomendasi dalam membuat aplikasi yang lebih aman dan mengidentifikasi potensi peningkatan keamanan saat aplikasi Anda diupload ke Google Play. Hingga saat ini, program ini telah mempermudah developer dalam memperbaiki lebih dari
1.000.000 aplikasi di Google Play.
Cara kerja
Sebelum aplikasi diterima di Google Play, kami memindainya demi keselamatan dan keamanan, termasuk potensi masalah keamanan. Kami juga terus memindai ulang lebih dari satu juta aplikasi di Google Play untuk mengidentifikasi ancaman tambahan.
Jika aplikasi Anda ditandai karena potensi masalah keamanan, kami akan segera memberi tahu Anda untuk membantu mengatasi masalah tersebut dengan cepat dan menjaga keamanan pengguna. Kami akan mengirimkan notifikasi kepada Anda menggunakan email dan Konsol Google Play, yang berisi link ke halaman dukungan dengan detail tentang cara memperbaiki aplikasi.
Umumnya, notifikasi ini akan menyertakan linimasa untuk mengirimkan perbaikan kepada pengguna secepat mungkin. Untuk beberapa jenis masalah,
Anda mungkin harus melakukan peningkatan keamanan di aplikasi sebelum dapat
memublikasikan update lain bagi aplikasi tersebut.
Anda dapat mengonfirmasi bahwa Anda sudah sepenuhnya mengatasi masalah tersebut dengan mengupload versi baru aplikasi ke Konsol Google Play. Pastikan untuk meningkatkan nomor versi
aplikasi yang telah diperbaiki. Setelah beberapa jam, periksa pemberitahuan
keamanan di Konsol Play; jika sudah tidak ada lagi, artinya masalah sudah teratasi.
Contoh pemberitahuan peningkatan keamanan untuk aplikasi di Konsol Play.
Libatkan diri
Keberhasilan program ini bergantung pada kemitraan kami dengan Anda—selaku developer aplikasi di Google Play—dan komunitas keamanan. Kita semua bertanggung jawab untuk menyediakan aplikasi yang aman dan terlindungi bagi pengguna. Untuk mengirim masukan atau pertanyaan, hubungi kami melalui Pusat Bantuan Developer Google Play. Untuk melaporkan potensi masalah keamanan di aplikasi, hubungi kami di security+asi@android.com
.
Kampanye dan perbaikan
Berikut adalah masalah keamanan terbaru yang dilaporkan kepada developer di Google Play. Detail informasi kerentanan dan perbaikan tersedia di setiap link halaman dukungan kampanye.
Tabel 1: Kampanye peringatan dengan batas waktu perbaikan terkait.
Tabel 2: Kampanye khusus peringatan (tidak ada batas waktu perbaikan).
Konten dan contoh kode di halaman ini tunduk kepada lisensi yang dijelaskan dalam Lisensi Konten. Java dan OpenJDK adalah merek dagang atau merek dagang terdaftar dari Oracle dan/atau afiliasinya.
Terakhir diperbarui pada 2023-12-14 UTC.
[[["Mudah dipahami","easyToUnderstand","thumb-up"],["Memecahkan masalah saya","solvedMyProblem","thumb-up"],["Lainnya","otherUp","thumb-up"]],[["Informasi yang saya butuhkan tidak ada","missingTheInformationINeed","thumb-down"],["Terlalu rumit/langkahnya terlalu banyak","tooComplicatedTooManySteps","thumb-down"],["Sudah usang","outOfDate","thumb-down"],["Masalah terjemahan","translationIssue","thumb-down"],["Masalah kode / contoh","samplesCodeIssue","thumb-down"],["Lainnya","otherDown","thumb-down"]],["Terakhir diperbarui pada 2023-12-14 UTC."],[],[],null,["# App security improvement program\n\nThe App Security Improvement program is a service provided to Google Play\napp developers to improve the security of their apps. The program provides\ntips and recommendations for building more secure apps and identifies\npotential security enhancements when your apps are uploaded to Google\nPlay. To date, the program has facilitated developers to fix over\n1,000,000 apps on Google Play.\n\nHow it works\n------------\n\n\nBefore any app is accepted into Google Play, we scan it for safety and\nsecurity, including potential security issues. We also continuously re-scan\nthe over one million apps on Google Play for additional threats.\n\n\nIf your app is flagged for a potential security issue, we'll notify you\nimmediately to help you quickly address the issue and help keep your users\nsafe. We'll deliver alerts to you using both email and the Google Play\nConsole, with links to a support page with details about how to\nimprove the app.\n\n\nTypically, these notifications will include a timeline for delivering the\nimprovement to users as quickly as possible. For some kinds of issues, we\nmay require you to make security improvements in the app before you can\npublish any more updates to it.\n\n\nYou can confirm that you've fully addressed the issue by uploading the new\nversion of your app to the Google Play Console. Be sure to [increment the version number](/studio/publish/versioning) of the\nfixed app. After a few hours, check the Play Console for the security\nalert; if it's no longer there, you're all set. \n\nExample of a security improvement alert for\nan app in the Play Console.\n\nGet involved\n------------\n\n\nThe success of this program rests on our partnership with you---the developers\nof apps on Google Play---and the security community. We're all responsible for\nproviding safe, secure apps to our users. For feedback or questions, please\nreach out to us through the [Google\nPlay Developer Help Center](https://support.google.com/googleplay/android-developer/contact/publishing). To report potential security issues in apps,\nplease reach out to us at `security+asi@android.com`.\n\nCampaigns and remediations\n--------------------------\n\n\nBelow are the most recent security issues flagged to developers on\nGoogle Play. Vulnerability and remediation details are available\nin each campaign's support page link.\n\n\n**Table 1**: Warning campaigns with associated deadline for remediation.\n\n| Campaign | Started | Support Page |\n|--------------------------------------------------------------|------------|----------------------------------------------------------------|\n| Exposed Firebase Cloud Messaging Sever Keys | 10/12/2021 | [Support page](https://support.google.com/faqs/topic/11015404) |\n| Intent Redirection | 5/16/2019 | [Support page](https://support.google.com/faqs/answer/9267555) |\n| JavaScript Interface Injection | 12/4/2018 | [Support page](https://support.google.com/faqs/answer/9095419) |\n| Scheme Hijacking | 11/15/2018 | [Support page](https://support.google.com/faqs/answer/9101196) |\n| Cross App Scripting | 10/30/2018 | [Support page](https://support.google.com/faqs/answer/9084685) |\n| File-based Cross-Site Scripting | 6/5/2018 | [Support page](https://support.google.com/faqs/answer/7668153) |\n| SQL Injection | 6/4/2018 | [Support page](https://support.google.com/faqs/answer/7668308) |\n| Path Traversal | 9/22/2017 | [Support page](https://support.google.com/faqs/answer/7496913) |\n| Insecure Hostname Verification | 11/29/2016 | [Support page](https://support.google.com/faqs/answer/7188426) |\n| Fragment Injection | 11/29/2016 | [Support page](https://support.google.com/faqs/answer/7188427) |\n| Supersonic Ad SDK | 9/28/2016 | [Support page](https://support.google.com/faqs/answer/7126517) |\n| Libpng | 6/16/2016 | [Support page](https://support.google.com/faqs/answer/7011127) |\n| Libjpeg-turbo | 6/16/2016 | [Support page](https://support.google.com/faqs/answer/7008337) |\n| Vpon Ad SDK | 6/16/2016 | [Support page](https://support.google.com/faqs/answer/7012047) |\n| Airpush Ad SDK | 3/31/2016 | [Support page](https://support.google.com/faqs/answer/6376737) |\n| MoPub Ad SDK | 3/31/2016 | [Support page](https://support.google.com/faqs/answer/6345928) |\n| OpenSSL (\"logjam\" and CVE-2015-3194, CVE-2014-0224) | 3/31/2016 | [Support page](https://support.google.com/faqs/answer/6376725) |\n| TrustManager | 2/17/2016 | [Support page](https://support.google.com/faqs/answer/6346016) |\n| AdMarvel | 2/8/2016 | [Support page](https://support.google.com/faqs/answer/6345881) |\n| Libupup (CVE-2015-8540) | 2/8/2016 | [Support page](https://support.google.com/faqs/answer/6346109) |\n| Apache Cordova (CVE-2015-5256, CVE-2015-1835) | 12/14/2015 | [Support page](https://support.google.com/faqs/answer/6325474) |\n| Vitamio Ad SDK | 12/14/2015 | [Support page](https://support.google.com/faqs/answer/6365106) |\n| GnuTLS | 10/13/2015 | [Support page](https://support.google.com/faqs/answer/6344084) |\n| Webview SSLErrorHandler | 7/17/2015 | [Support page](https://support.google.com/faqs/answer/7071387) |\n| Vungle Ad SDK | 6/29/2015 | [Support page](https://support.google.com/faqs/answer/6313713) |\n| Apache Cordova (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502) | 6/29/2015 | [Support page](https://support.google.com/faqs/answer/6325474) |\n\n\n**Table 2**: Warning-only campaigns (no remediation deadline).\n\n| Campaign | Started | Support Page |\n|------------------------------------------|------------|-----------------------------------------------------------------|\n| Implicit PendingIntent | 2/22/2022 | [Support page](https://support.google.com/faqs/answer/10437428) |\n| Implicit Internal Intent | 6/22/2021 | [Support page](https://support.google.com/faqs/answer/10399926) |\n| Unsafe Encryption Mode | 10/13/2020 | [Support page](https://support.google.com/faqs/answer/10046138) |\n| Unsafe Encryption | 9/17/2019 | [Support page](https://support.google.com/faqs/answer/9450925) |\n| Zipfile Path Traversal | 5/21/2019 | [Support page](https://support.google.com/faqs/answer/9294009) |\n| Embedded Foursquare OAuth Token | 9/28/2016 | [Support page](https://support.google.com/faqs/answer/7050471) |\n| Embedded Facebook OAuth Token | 9/28/2016 | [Support page](https://support.google.com/faqs/answer/7126515) |\n| Google Play Billing interception | 7/28/2016 | [Support page](https://support.google.com/faqs/answer/7054270) |\n| Embedded Google Refresh Token OAuth | 7/28/2016 | [Support page](https://support.google.com/faqs/answer/7052200) |\n| Developer URL Leaked Credentials | 6/16/2016 | [Support page](https://support.google.com/faqs/answer/7026406) |\n| Embedded Keystore files | 10/2/2014 | |\n| Amazon Web Services embedded credentials | 6/12/2014 | |"]]