App Defense Alliance Migrates Under Joint Development Foundation with Google, Meta, and Microsoft as the Steering Committee
The Linux Foundation | 08 November 2023
Technology leaders unite for app security across ecosystems.
SAN FRANCISCO, CA – November 8, 2023 – Google, Microsoft, and Meta announced they are formally partnering as the founding steering committee to improve app security through a newly restructured App Defense Alliance, under the Joint Development Foundation, part of the Linux Foundation family. The steering committee plans to expand the scope of the Alliance to foster collaborative implementation of industry standards for app security.
Launched by Google in 2019, the App Defense Alliance was established to ensure the safety of the Google Play Store and the Android app ecosystem by focusing on malware detection and prevention. With a growing emphasis on app security standards, the Alliance expanded its scope in 2022 and is now the home for several industry-led collaborations including Malware Mitigation, and App Security Assessments for both mobile and cloud applications.
The evolution of the App Defense Alliance under the JDF represents a significant step forward and demonstrates a shared commitment by the members to strengthen app security and related standards across ecosystems. With a member community spanning an additional 17 General and Contributor Members, the Alliance will support industry-wide adoption of app security best practices and guidelines, as well as countermeasures against emerging security risks.
“The App Defense Alliance will help further strengthen trust and confidence in overall app safety by uniting with others in the industry that share an unwavering commitment to protect users,” said Dave Kleidermacher, VP of Engineering for Android and Made-by-Google Security & Privacy at Google. “I want to thank the other original founding members of the App Defense Alliance from when we started this back in 2019. Google will continue to partner with these mobile threat detection providers to combat threats while actively partnering with the App Defense Alliance and the community to help make apps safer for all users across ecosystems.”
“Successful app ecosystems depend on trust,” said Jenny Hall, Director of Reality Labs Trust at Meta. “The App Defense Alliance will help our industry work with community members to define open standards that help protect people and their data. This is a tremendous opportunity for stakeholders with diverse perspectives to work together in the interest of providing more security and trust to those who use apps regardless of the ecosystem.”
“Trustworthiness of the app ecosystem is critical for end users and for the software industry,” said Oliver Bell, General Manager, Trust and Privacy at Microsoft. “Through this alliance, we aim to help leverage the industry standards that empower developers and end users to build and trust the huge array of solutions in the third-party application ecosystem.”
"The App Defense Alliance's move to the Joint Development Foundation reflects our dedication to open collaboration and innovation in the realm of app security," said Jim Zemlin, Executive Director at the Linux Foundation. "By uniting technology leaders and fostering an open ecosystem of cross-platform requirements, we aim to unlock new dimensions of performance and security for the benefit of our community."
The App Defense Alliance is committed to driving open collaboration and innovation in app security and invites interested organizations to explore membership. To learn more, including how to get involved, participate in discussions, and help shape the evolving role of the Alliance within the ecosystem, please visit their website.
About the Joint Development Foundation
The Joint Development Foundation (JDF), part of the Linux Foundation family of projects, accelerates organizations developing technical specifications, standards, data sets, and source code. JDF provides the corporate and legal infrastructure, experienced support staff, and extensive network necessary to achieve the highest levels of industry and international standardization. For more information, please visit us at jointdevelopment.org.
The Linux Foundation
Digital Communications Manager
QUOTES FROM GENERAL AND CONTRIBUTOR MEMBERS
General and Contributor Members of the App Defense Alliance include BishopFox, Dekra, ESET, KPMG, Leviathan, Lookout, McAfee, NCC Group, NetSentries Technologies FZCO, NowSecure, Orange Cyberdefense South Africa Ltd, Prescient Security, PwC, Schellman, TAC Security, TrendMicro, and Zimperium.
“Bishop Fox holds distinction as a long-standing partner-of-choice for large product and service ecosystems, serving as a preferred vendor for the Google Partner Program and Meta Workplace since the inception of both programs, including having conducted the most Google Partner Assessments to date. While all the vendors have put rigorous methodologies in place individually, by standardizing the methodology and coordination of partner pen-testing under the ADA, Google, Meta and Microsoft are creating an even stronger environment of integrity and trust for partners and customers.” – Gwen Castro, Chief Growth Officer, Bishop Fox.
“At DEKRA, as a Contributing Member, we are proud to display our strong dedication and expertise towards fostering the security of applications. Together, we are confident that we can overcome the challenges that lie ahead and we are committed to setting new industry standards, making significant strides towards a safer and more secure digital landscape." – Rubén Lirio Vera, Head of Cybersecurity Services, DEKTRA.
“As a founding member of the App Defense Alliance, ESET is pleased to see the organization continue to evolve to ensure the Google Play Store and the Android app ecosystem stay one step ahead of cybercriminals. Since 2019, ESET has worked closely with the Alliance to investigate and detect malicious apps, uncover sophisticated threats and protect billions of consumers and businesses from unique banking trojans, spyware, ransomware and many other types of threats. There is still much work to do to stay ahead of cyber adversaries, and we will support the Alliance’s continued expansion and evolution under the stewardship of the Linux Foundation.” – Tony Anscombe, Chief Security Evangelist, ESET.
"For over a decade, Leviathan has been working with all three founding members of the App Defense Alliance. This partnership through the Joint Development Foundation represents an exciting new opportunity to collaborate with all the stakeholders." – Frank Heidt, CEO, Leviathan Security Group.
"Lookout is dedicated to protecting individuals and organizations from the ever-growing threat landscape by providing a data-centric approach to endpoint and cloud security. We provide complete protection against modern cyber attacks, including app, cloud and network threats, phishing attacks, social engineering, credential theft and more. Since 2019, Lookout and Google have worked together through the App Defense Alliance to identify and remove malicious apps from the Google Play Store before they become a threat to the general public. Combining Lookout's expertise with Alliance resources will create a safer and more secure mobile ecosystem for everyone." – David Richardson, Vice President of Endpoint and Threat Intelligence, Lookout.
“NCC Group is delighted to continue to support the App Defense Alliance (ADA) in its mission to establish application security assessment frameworks for mobile and cloud app developers that sensibly raise the bar on the safety and security of the world’s biggest software ecosystems. In support of our purpose to create a more secure digital future, we look forward to ensuring better security outcomes by continuing to guide the development of ADA’s security testing standards and delivering security assessments to the hundreds of software development organizations who’ve participated in similar programs over the last year.” – Kevin Brown, Chief Operating Officer, NCC Group.
"NetSentries partners with Global banks and Forbes 2000 companies across four continents to deliver independent audits and Enterprise security assessments. Our core expertise lies in securing complex, scalable modern-day applications that extensively leverage cloud services and technologies. With a combination of intelligence-driven active assessments, policy, and control validation, our team engages to ensure your security and success with the best-in-class customer experience. We go beyond traditional Security assessment by enabling your team to remediate risks faster and implement threat-informed defense to respond against adversaries." – Sudheer EP, CEO, NetSentries Technologies.
"NowSecure is excited to be a pioneer in the evolution of the App Defense Alliance. NowSecure champions the critical need for mobile app security and privacy, and strongly advocates for standards-based testing and validation leveraging automation and expertise. The increased reach of the App Defense Alliance with the Joint Development Foundation and the Linux Foundation will help scale the protection of the global mobile app ecosystem used by billions." – Alan Snyder, CEO, NowSecure.
“We are excited to partner with JDF / Linux Foundation and collaborate with Google, Meta, Microsoft and other tech giants. As a part of this program, our goal is to help thousands of the app developers achieve and maintain strong security posture. As an offensive security company we dare to make security and compliance accessible to every app developer. We stay committed to supporting the foundation in its mission to protect trust in the app development ecosystem.“ – Fabrice Mouret, President, Prescient Security.
“As a proud member of the App Defense Alliance, Trend Micro fully supports the upcoming phase of enhanced collaboration and standard development that will contribute to a secure and connected world. Our mission is to make the world safe for exchanging digital information, and we are enthusiastic about the continued collaboration with other partner organizations within this broader ecosystem.” – Jamz Yaneza, Senior Manager, Cybersecurity Threat Research, Trend Micro Incorporated.
"As one of the founding App Defense Alliance partners, Zimperium is excited about and supports the migration of the original App Defense Alliance moving under the Linux Foundation – Joint Development Foundation project as a new external alliance. Zimperium looks forward to working closely with the Alliance board, as well as with new and existing alliance members to evolve the program's mission to create a trusted, open, and collaborative alliance across industry leaders – helping drive the development and adoption of industry-approved best practices, security standards, and innovative countermeasures to combat app-based threats and vulnerabilities." – Chris Cinnamo, SVP, Office of the CTO, Zimperium.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, PyTorch, RISC-V, SPDX, OpenChain, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.