
Google Says “No” to Independent Security Audits on Android - kushti
https://zomiaofflinegames.com/google-says-no-to-independent-security-audits-on-android/
======
escap
The app in question is [https://github.com/nowsecure/android-
vts](https://github.com/nowsecure/android-vts)

------
on_and_off
truly awful title.

I first thought that it meant that Google somehow forbid security audits on
AOSP codebase, which sounded very silly (how do you prevent somebody from
peeking into on open source codebase ? )

The article does not help either ...

summary : VTS is an app which tests for security vulnerabilities by trying
them one by one.

It has been flagged by Google Play as exploiting these security
vulnerabilities which makes sense since it does and there is no way to prove
that the app does not take advantage of them.

I guess that the only way to distribute such an app would be directly via its
source code ?

