Google is introducing an Independent Security Review badge to Google Play, the official app store on Android, to signal to users which apps are secure to download and use on their Android phones.
Apps that receive a badge have successfully undergone the MASA or Mobile Application Security Assessment audit. It’s part of a process introduced last year by the App Defense Alliance (ADA), a partnership between Google and security firms Lookout, Zimperium, and ESET that was launched in 2019. It allows developers to submit the public versions of their apps for a third-party review.
The review validates these apps against global mobile app standards and confirms they’ve met a certain minimum in best practices for security and privacy. These include data storage and data privacy practices, cryptography, authentication and session management, network communication, platform interaction, and code quality.
App developers who want to keep their badge will need to have their apps audited annually.
“While certification to baseline security standards does not imply that a product is free of vulnerabilities, the badge associated with these validated apps helps users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety,” Nataliya Stanetsky of the Android Security and Privacy Team said in a Google Security Blog post.
However, locating these badges requires a bit of effort. Users need to open the Google Play page for a specific app and go to the “Data safety” section.
To make it easier to find these new badges, Google is adding a Play Store banner for specific types of apps and it’s started with VPNs. Now, when a user searches for a good VPN app in the Play Store, a banner appears in the search results, informing users about the security badges.
There’s also an option to click “Learn More” which leads to the App Validation Directory — a list of apps that have passed the security review.
“We’ve launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle,” Google explains in the blog post.
Top VPNs like ExpressVPN, Private Internet Access, and NordVPN have already undergone the security audit and earned a badge.
Although looking at the Independent Security Review badge is a start, there are other ways to make sure you don’t accidentally download a malicious app. The best and easiest way to do that is to consider getting one of the best Android antivirus apps.