Google sets new Android API level requirements to ‘improve the security of the app ecosystem’

Google today said that it’ll require Android apps in main app shops from third-party producers like Huawei, Oppo, Vivo, Xiaomi, Baidu, Alibaba, and Tencent to focus on API stage 26 (Android 8.0) or greater in 2019, in a bid to “enhance the safety of the app ecosystem.” It additionally stated it’ll require all new apps to focus on API stage 28 (Android 9) or greater by August 2019, and mandate that updates to present apps goal API stage 28 or greater by November 2019.

The goal API ranges will “advance yearly,” Google says, and present apps that aren’t receiving updates gained’t be affected by the adjustments.

“Due to the efforts of hundreds of app builders, Android customers now take pleasure in extra apps utilizing fashionable APIs than ever earlier than, bringing important safety and privateness advantages. For instance, throughout 2018, over 150,000 apps added assist for runtime permissions, giving customers granular management over the information they share,” Edward Cunningham, product supervisor on the Android Safety and Privateness Crew, wrote in a weblog put up. “Over 95 % of adware we detect exterior of the Play Retailer deliberately targets API stage 22 or decrease, avoiding runtime permissions even when put in on latest Android variations.”

Along with these new insurance policies, Google says that, on units with Developer choices enabled, Google Play Defend — an automatic safety answer that scans greater than 50 billion apps on billions of units every day — will start to warn customers once they try to put in apps from any supply that don’t goal a latest API stage.

“For instance, a person with a tool operating Android 6.0 (Marshmallow) will likely be warned when putting in any new [app] that targets API stage 22 or decrease,” Cunningham defined. “Customers with units operating Android 8.0 (Oreo) or greater will likely be warned when putting in any new APK that targets API stage 25 or decrease.”

The announcement comes after Google said it might proceed to enhance the automated techniques that assist root out unscrupulous builders within the Google Play Retailer — and after researchers with safety agency Eset and Trend Micro found malicious Android apps hosted on the Play Retailer that had been designed to steal cryptocurrency and trick customers into downloading and putting in a trojan. In a latest weblog put up, the corporate revealed that in 2018, the variety of apps rejected and suspended from the Play Retailer elevated by greater than 55 % and 66 %, respectively, and that tens of hundreds of apps not adherent to the Play Retailer’s person knowledge and privateness insurance policies had been rejected or eliminated.

Google introduced late final yr that it’s paid out over $15 million since launching its bug bounty program in November 2010. And it stated it’s commonly conducting each “static” and “dynamic” analyses of apps with inappropriate content material, impersonators, and PHAs, and “intelligently” utilizing person engagement and suggestions knowledge to assist discover unhealthy apps with “greater accuracy and effectivity.”

Leave a Reply

Back to top button