TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

The Hacker News

Google's Android Apps Get Public Verification to Stop Supply Chain Attacks

[email protected] (The Hacker News) · 2 hours ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1195Supply Chain Compromise
72%
“release cycle. " this provides a transparent ' source of truth ' that allows anyone to verify that the google software on their android device is a production version authorized by google and has not been modified by an attacker, " google noted. " if the software is not on the le…”
T1195.001Compromise Software Dependencies and Development Tools
54%
“release cycle. " this provides a transparent ' source of truth ' that allows anyone to verify that the google software on their android device is a production version authorized by google and has not been modified by an attacker, " google noted. " if the software is not on the le…”
T1195.002Compromise Software Supply Chain
45%
“release cycle. " this provides a transparent ' source of truth ' that allows anyone to verify that the google software on their android device is a production version authorized by google and has not been modified by an attacker, " google noted. " if the software is not on the le…”
T1195Supply Chain Compromise
33%
“google ' s android apps get public verification to stop supply chain attacks google has announced expanded binary transparency for android as a way to safeguard the ecosystem from supply chain attacks. " this new public ledger ensures the google apps on your device are exactly wh…”

Summary

Google has announced expanded Binary Transparency for Android as a way to safeguard the ecosystem from supply chain attacks. "This new public ledger ensures the Google apps on your device are exactly what we intended to build and distribute," Google's product and security teams said. The initiative builds upon the foundation of Pixel Binary Transparency, which Google introduced in October 2021