Google already has efforts to improve Android security, such as speeding updates and offering bug bounties, but it’s now ramping things up by disclosing flaws for software it didn’t write. The company has launched an Android Partner Vulnerability Initiative (via XDA-Developers) to manage security flaws it discovers that are specific to third-party Android devices. Google hopes to both “drive remediation” (read: prompt faster patch releases) and warn users about potential problems.
The company added that its initiative had already addressed a number of Android issues. It didn’t mention companies by name in a blog post, but a bug tracker for the program mentioned several manufacturers. Huawei had issues with insecure device backups in 2019, for example. Oppo and Vivo phones had sideloading vulnerabilities. ZTE had weaknesses in its message service and browser autofill. Other affected vendors included Meizu, chip maker MediaTek, Digitime, and Transsion.