Do you remember the Google Play Store breach in 2021? Just 23 unsecured apps caused the breach, affecting some 100 million Android users. Many -- anxious about chat messages and photos being exposed -- pointed fingers at Google. But a more insidious front has emerged in our war against cybercrime. Our true challenges lie in facing skilled actors operating discreetly and navigating the rise of increasingly sophisticated social engineering attacks.
At LastPass, we’re committed to addressing evolving challenges, which is why we’ve pursued and proudly earned “Independent Security Review” badges for our password manager and Authenticator app.
Below, we answer your top questions about the badges and explain what they mean for your privacy and security.
Can I trust apps on Google Play Store?
Unfortunately, there’s no guarantee an app is 100% safe. Still, all Google Play apps undergo security testing, and you can take extra steps to stay safe, such as enabling Google Play Protect on your device, scanning app reviews for red flags, researching developer reputations, and prioritizing apps that don’t require permissions beyond what’s necessary for their functionality.
How do I know if a Google Play app is safe?
To find out if a Google Play app is safe, look for these four signs:
- Downloads and rankings: Higher downloads and rankings may indicate a greater level of satisfaction with the app.
- Feedback and reviews: Apps that only have positive reviews may be suspect. Look for reviews that highlight how the app performs and whether negative reviews receive responses from the developer.
- Updates and new features: See how proactive the developers are in maintaining the app by exploring the “Version History” section. You should see the latest bug fixes, security updates, and new features that enhance the app’s functionality and safety.
- Privacy and security: Head to the “Data Safety” section to see what types of data the app collects and whether the app has an Independent Security Review badge.
What is the Independent Security Review Badge on Google Play Store?
The badge certifies an app has third-party (independent) verification of its compliance with international mobile security and privacy standards. Along with continuous updates in “Version History,” the badge adds an extra layer of assurance that your data is being handled safely and ethically.
What is the App Defense Alliance and what are MASA Assurance Levels?
Google-authorized Lab Partners that are part of the App Defense Alliance (ADA) use the Mobile Application Security Assessment (MASA) framework to evaluate apps and their security posture.
There are two MASA Assurance levels:
- AL1: The Authorized Lab Partner scans the apps, and the app developers submit a questionnaire that provides evidence of MASA compliance.
- AL2: The Authorized Lab Partner manually tests and validates an app’s MASA compliance.
What does the App Defense Alliance (ADA) have to do with the Mobile Application Security Assessment (MASA)?
The App Defense Alliance created the Mobile Application Security Assessment (MASA), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS).
Our LastPass password manager and Authenticator apps are MASA AL2 certified. Only AL2-certified apps can display the Independent Security Review badge. To see our MASA certifications, head to the ADA Directory page.
How does the Independent Security Review Badge benefit me?
The Independent Security Review badge confirms that our LastPass apps have been validated by independent security experts. We re-certify annually so you can rest easy, knowing that your data is safe.
Whether it’s communicating our security practices, protecting you from evolving threats, or removing the barriers associated with passwords, we’re always working towards a safer future for you and your family.