Security Review Badges for Android VPN Apps on Play Store

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

The growing need for digital privacy and security has led Google to introduce an Independent Security Review badge for Play Store apps. Found in the Data safety section of Android apps, the badge is displayed for apps that have passed the Mobile Application Security Assessment ( MASA ) audit.

Introduced last year by the App Defense Alliance (ADA), MASA allows developers to have their apps independently reviewed against a global security standard . The requirements to meet minimum security and privacy standards include data storage and privacy, authentication and session management, cryptography, network communication, platform interaction, and code quality.

When displayed, the badge not only declares the developers’ commitment to user security, but also promotes transparency, thus, enabling users to make more informed choices.

However, a user needs to keep in mind that the certification to baseline security standards does not ensure that the app is free of vulnerabilities. It only helps ‘’users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety,’’ the post stated .

Starting with VPNs, Google will display this Play store banner in the Data Safety section. “We’ve launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle,” Android Security and Privacy Team’s Nataliya Stanetsky said.

Many VPNs make claims about maintaining user anonymity and following a no-log policy, and to support these claims, some even undergo third-party audits. However, to secure this badge, they also need to conduct the MASA review from a list of approved security partners.

The VPN companies that have already undergone the audit and received the badge include ExpressVPN, NordVPN, Private Internet Access, and SkyVPN .

Google continues to encourage other VPN providers to submit a form for independent security review, thus promoting greater transparency on its Play Store.

Marina Bay Sands’ Security Breach Affects 665,000 Customers

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Singapore’s Marina Bay Sands (MBS), a luxury resort and casino, disclosed in a public notice that personal data of 665K customers was exposed in a security incident.

According to the integrated luxury resort, the incident discovered on October 20, had an unauthorized third-party gain access to information belonging to members of the Sands LifeStyle loyalty program.

‘’Marina Bay Sands became aware of a data security incident on 20 October 2023 involving unauthorized third-party access on 19 and 20 October 2023 to some of our customers’ loyalty programme membership data,’’ the statement read .

The leaked personal data included members’ name, email address, phone numbers, country of residence, membership numbers and tiers. However, based on its investigation, the company said that it did not find any evidence that the attackers had misused the data to harm the customers.

Nevertheless, this type of information can be used for various targeted scams, including phishing attacks.

Based on its investigation, MBS went on to say that casino members, who are part of the Sands Rewards Club, were not impacted by this incident.

In addition to an investigation, the company also engaged a third-party cybersecurity firm to gain further understanding of the attack and related damages. It has also deployed additional security measures to strengthen its system and protect data.

It further stated that Sands LifeStyle loyalty program members who had their data exposed in this breach, would be notified individually of this incident. The incident was also reported to the relevant authorities in Singapore and other countries where applicable.

This incident comes close on the heels of another major hacking incident of the famous MGM Resorts International and Caesars Entertainment in September 2023. The financially motivated attack is said to be carried out by the notorious ransomware group Scattered Spider (also known as UNC3944), believed to be a subgroup of ALPHV/ BlackCat gang.