Google app tests for security flaws

Google is releasing a new app to allow users to test whether encryption software is properly protecting their data.

The new tool is released as consumer worries over privacy have grown following bugs like Heartbleed which left data vulnerable to hacks. Similar bugs have popped up throughout the year, shaking faith in widely used open source security software.

{mosads}Google’s app is intended to let developers test their encryption software for compromises.

“Most platforms and devices have secure defaults, but some applications and libraries override the defaults for the worse, and in some instances we’ve seen platforms make mistakes as well,” said Android security engineer Chad Brubaker in a blog post Tuesday.  

The tool is called nogotofail, a play off of a security vulnerability known as “goto fail” that allowed hackers to work around encrypted connections on Apple’s mobile operating system.

“As applications get more complex, connect to more services, and use more third party libraries, it becomes easier to introduce these types of mistakes,” Brubaker said.

Developers can use it on any device that connects to the Internet.

“We’ve been using this tool ourselves for some time and have worked with many developers to improve the security of their apps,” Brubaker said.

Revelations of government spying programs and a dramatic rise in major online breaches have led developers and consumers alike to increasingly demanded assurances their data is safe.

While some government regulators, like the Federal Trade Commission, have lauded industry for promoting consumer privacy and encryption, law enforcement agencies have worried that difficult-to-access devices might hinder criminal investigations.