The Google Play Store will now let users know if VPN services downloaded on the storefront have agreed to security audits from independent bodies.
VPN apps that have been audited in accordance with Mobile App Security Assessment (MASA) guidelines (the brainchild of the App Defense Alliance (ADA)) will now have a badge next to them that says ‘Independent security review’ in the Data Safety section.
In a blog post explaining the addition, Google noted there are certain requirements an app must fulfill in order to pass muster with MASA, relating to areas such as data storage and privacy, cryptography, authentication, networking, permissions, and coding.
MASA standards
For an app to be assessed by MASA, though, and thus acquire the new Google badge, only a handful independent cybersecurity firms are accepted as valid auditors, such as Bishop Fox, Dekra, and NowSecure, to name a few.
VPN providers and other privacy tools accept independent security reviews to instill user trust, letting them know that their online activity will not be logged or their true IP addresses revealed, via flaws or intentionally, as this is what the audits will look out for.
Popular VPNs such as ExpressVPN, NordVPN, and Google One already have the new badge, as they have or will be undergoing MASA security audits in due course. However, some other VPNs have been MASA certified but do not have the ‘Independent security review’ badge on the Play Store – at least not yet.
Google has a form for developers to complete if they wish for their app to go through with an independent security assessment, as the tech giant looks to improve the safety of its platform, boldly claiming that its “objective is to make Android the safest mobile platform.”
The Google Play Store has had its fair share of security concerns recently, with it being home to worrying number of apps that are malicious, either containing malware or invading user privacy.
There have also been reports of many unscrupulous VPN services, often given away for free, that are in fact dangerous to users as well.