November 3, 2023 at 12:54PM
Google Play is now tagging VPN apps with an ‘independent security reviews’ badge if they have undergone an independent security audit. The audit follows the Mobile App Security Assessment (MASA) standard, which sets requirements for data storage, cryptography, authentication, and more. The badge aims to enhance transparency and trust. NordVPN, Google One, and ExpressVPN currently display the badge. Other VPN apps with valid MASA certification may receive the badge soon. The program may expand to other app types in the future. To participate, VPN developers can submit their applications for an independent security review.
According to the meeting notes, Google Play, Android’s official app store, is introducing a new feature to tag VPN apps with an ‘independent security reviews’ badge. This badge will be displayed in the Data Safety Section of the Play Store and indicates that the app’s compliance with the MASA (Mobile App Security Assessment) standard has been independently verified. The MASA standard defines requirements for mobile app security, including data storage and privacy practices, cryptography, authentication and session management, network communication, platform interaction, and code quality.
The goal of this initiative is to enhance transparency and user trust regarding VPN apps, which are considered critical for user privacy and security. VPN providers will need to perform the MASA audit through an approved cybersecurity partner to be eligible for the Google Play badge. Currently, NordVPN, Google One, and ExpressVPN have completed the audit and display the badge on Google Play.
There are other VPN apps that hold a valid MASA certificate but have not yet received the Google Play badge. These include Aloha Browser + Private VPN, Private Internet Access VPN, SkyVPN – Fast Secure VPN, Tomato VPN, and vpnify – Unlimited VPN Proxy. The MASA certifications for these apps can be found in a directory mentioned in the meeting notes.
Google encourages VPN developers and publishers to participate in this program by submitting their applications for an independent security review. Although the ‘Independent security review’ program is currently focused on VPN apps, it is expected to expand to other app types in the future, although no specific timeline has been provided by Google.