To give users more peace of mind and show that it's taking concerns about Android cybersecurity seriously, Google's rolling out an Independent Security Review badge to highlight which Android VPN apps have gone through an independent security audit.
Last year, the App Defense Alliance, a collaboration between Google, ESET, Lookout, and Zimperium launched in 2019 to solve the Play Store's persistent malware problem, introduced the Mobile Application Security Assessment (MASA) audit. This process enables software developers to have their apps independently validated against a global security standard as a way to signal to users that what they're downloading on their phones has been designed to meet industry mobile security and privacy minimum best practices. The logic is that if developers go the extra mile on their end to mitigate security vulnerabilities and users can make more informed decisions prior to downloading new apps, hackers will have a harder time breaking into users' devices, thus improving the app quality across the ecosystem as a whole if you have one of the best Android phones.
Apps that receive a badge have successfully undergone a MASA audit. To maintain the badge year over year, app developers will need to undergo another independent audit annually.
“While certification to baseline security standards does not imply that a product is free of vulnerabilities, the badge associated with these validated apps helps users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety,” Nataliya Stanetsky of the Android Security and Privacy Team said in a Google Security Blog post this week.
Now when you search for the best VPN apps in the Play Store, you should see a banner at the top that points you to the Data Safety Section to better understand what the new badge means. If you click the option to Learn More, it redirects you to the App Validation Directory, "a centralized place to view all VPN apps that have been independently security reviewed."
"We've launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle," Stanetsky explained.
"VPN providers such as NordVPN, Google One, ExpressVPN, and others have already undergone independent security testing and publicly declared the badge showing their good standing with the MASA program," she added.
It's all part of Google's broader push to make the Data Safety Section a one-stop shop for understanding cybersecurity practices in the Play Store. There you can also find details about what kind of data apps are collecting from you, for what purpose, and whether it's being shared with third parties.
How to stay safe from adware and malicious apps
While keeping an eye out for the Independent Security Review badge is a start, there are plenty of other ways you can better insulate your phone from malware attacks. In addition to limiting how many apps you have installed, consider using one of the best Android antivirus apps for extra protection.
If you’re on a tight budget though, Google Play Protect is good in a pinch, as it scans both your existing apps and any new ones you download for malicious code. Google Play Protect recently added real-time scanning so that whenever you go to install a new app, you're prompted by Android's built-in antivirus software to perform an app scan to check if it's safe. If something dangerous is uncovered, Google Play Protect will block the app and prevent you from installing it.