Google Play will mark independently validated VPN apps
Android VPN apps that have gone through an independent security validation will now be able to claim that distinction on Google Play with a prominent badge in their Data Safety section.
“We’ve launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle,” said Nataliya Stanetsky from Google’s Android Security and Privacy Team.
Aligning with the MASA program
The App Defense Alliance (ADA) launched the MASA (Mobile App Security Assessment) program last year to help developers independently review their apps based on the industry security standard.
“The lab will test the public version of the app available in the Play Store and provide assessment feedback directly to developers. Labs provide remediation steps to help developers fix any flagged issues,” the App Defense Alliance explained.
“Once the app meets all requirements, the lab sends a Validation Report directly to Google as confirmation, and developers will be eligible to declare the security badge on their data safety form.”
Security validation of VPN apps
When looking for a VPN app on Google Play, users may notice the “Independent security review” badge in the app’s Data Safety Section.
The independent security review badge. (Source: Google)
“This signals to users that an independent third-party has validated that the developers designed their apps to meet these industry mobile security and privacy minimum best practices and the developers are going the extra mile to identify and mitigate vulnerabilities. This, in turn, makes it harder for attackers to reach users’ devices and improves app quality across the ecosystem,” said Stanetsky.
Users can also find a list of all VPN apps that have undergone this review and see technical assessment details by navigating to the App Validation Directory.
The badge does not mean that the app is free of vulnerabilities, but it is meant to reassure users that the developer has prioritized security and privacy practices and has committed to user safety.
Taking on malicious apps
To enhance app safety for its users, Google has recently improved Google Play Protect’s real-time scanning at the code level.
This is particularly important for apps downloaded (i.e., sideloaded) from outside the Google Play app store as cybercriminals have been increasingly leveraging AI to build stealthy and hard-to-detect apps.