To enhance user privacy, the Google Play store now prominently displays a badge for MASA-audited VPNs. Although an independent audit does not guarantee total security, it signifies that the app developer adheres to basic privacy protocols and avoids common security risks. In the near future, non-VPN apps will also be labeled with a similar auditing tag.
Previously, Google Play already featured the MASA auditing badge in the "Data safety" section of VPN app listings. However, the new badge is more noticeable as it takes the form of a large green shield, akin to verification badges on social media platforms. Additionally, when users search for a VPN or related apps, Google Play will provide an explanation for its "Independent Security Review" badge.
Independent auditing badges are produced in conjunction with the App Defense Alliance (ADA), which introduced the Mobile App Security Assessment (MASA) auditing program in 2022. According to Google, MASA auditing confirms that app developers have implemented the necessary measures to comply with the industry's mobile security and privacy guidelines. Moreover, this program helps detect any basic security vulnerabilities that may have been overlooked by the developers.
Although the MASA program lacks extensive requirements, having some minimum criteria is still preferable to none at all. If a VPN app developer is reluctant to demonstrate compliance with such basic security practices, their trustworthiness may come into question. After all, VPNs have the potential to access all online activities and can be easily exploited.
The Google Play Store is designed to reject apps that are considered malicious or insecure. Although the Independent Security Review badge is a good concept, it highlights the flaws in Google's app review process. Android users should not have to search for badges or labels, but rather be able to install any app from the Play Store with confidence.
The new Independent Security Review badge is currently being rolled out. It may not immediately appear in your Play Store, and some trustworthy VPN apps have not yet undergone MASA auditing. Google stated in its Security Blog post that NordVPN and ExpressVPN are the first apps to receive the independent auditing badge.
Source: Google
Editor's P/S
As a hard fan of Android, I am thrilled to see that Google Play is taking steps to enhance user privacy by prominently displaying a badge for MASA-audited VPNs. This move signifies Google's commitment to providing users with more secure and trustworthy apps. The MASA auditing process, conducted in conjunction with the App Defense Alliance (ADA), helps ensure that VPN app developers adhere to basic privacy protocols and avoid common security risks.
This is a great step forward in improving the overall security of the Android ecosystem. However, I believe that Google should also focus on improving its app review process to prevent malicious or insecure apps from being listed on the Play Store in the first place. By combining these efforts, Google can create a safer and more secure environment for Android users.