This article is based on an article from the Japanese edition of Engadget and was created using the translation tool Deepl.
On October 2, Google announced the launch of the Android Partner Vulnerability Initiative (APVI) to manage security issues on devices shipped by Android partners. The initiative will promote the fixing of security issues discovered by Google and provide information to users.
Android already has the Android Security Rewards Program (ASR), which allows security researchers to report issues they find, and the Google Play Security Rewards Program, which reports vulnerabilities in third-party apps. For Android's own vulnerabilities, the Android Open Source Project (AOSP)-based code is released through Android Security Bulletins (ASB).
However, until now, there have been no clear rules for handling security issues found by Google outside of the AOSP code, such as third-party specific issues, and APVI aims to address this issue.
The security issues discovered by Google will be managed in the bug tracker, which will be communicated to OEM partners and also provide information to users. Issues found in HUAWEI, OPPO, and ZTE devices have already been registered, but most of them have been fixed.
Android provides security patches every month, but outside of the Pixel, they are rarely applied in a timely manner. However, if each manufacturer is named for the vulnerability, it's likely to increase the pressure to fix it, including security patches, which could result in a faster release.
This article is based on an article from the Japanese edition of Engadget and was created using the translation tool Deepl. The Japanese edition of Engadget does not guarantee the accuracy or reliability of this article.