In the past two years, Google has forced the developers to patch security issues in more than 275.000 Android applications, which are hosted on the official store. In most of the cases, the big search engine company has told the developers that that Google Play Store will stop updating the applications that have serious security issues.
We remind you that since 2014, Google has been scanning applications that have been published in the official Android store. Whenever a security issue is found in an application, the developer is noticed via Google Play Developer Console and email.
We remind you that when Google has started this program, it only scanned applications for embedded Amazon Web Services (AWS) credential, which was a very common issue back then. The exposure of AWS credential can actually lead to compromises of the cloud servers, which are used by applications to store the user content and data.
Later in 2014, Google has begun scanning for embedded Keystone files. These particular files contain private and public cryptographic keys, which are used to secure connection or encrypt data.
The developers have just received notifications during the early days of the ASI program, which means that there was no pressure. However, that changed in 2015, when the big search engine company has expanded the types of issues it scanned for and also started forcing the developers to fix their issues before a given deadline.
It seems that the developers who fail to fix the issues within the deadline provided by Google can lose the ability to release future update for their applications via the Google Play Store.
The Google Play App Security Improvement program has helped the developers to fix over 100.000 applications. However, until now, Google has found over 275.000 applications with issues, which means that there are still over 175.000 applications left with problems.