Google announces new changes designed to improve Google Play Store security

Google Play Store app on phone

In its continuing fight against fragmentation and security vulnerabilities, Google has announced three Google Play Store changes that it believes will help with both.

In a post to developers, Google’s Android team says it wants developers to target a recent API level for their apps — meaning the most recent set of routines, protocols and tools for building apps on Android.

The company is giving developers a head start on this change; by August 2018, it’ll be a mandatory requirement that new apps target API Level 26 (Android 8.0) or higher, and by November 2018 updates to existing apps will need to target the Android 8.0 level API or higher.

Google gives a few examples of why this is important, noting that, for instance, only apps with a target of API level 23 (Android 6.0) or higher gives the user full control over what private data – such as contacts or location – the app can access via runtime permissions. Recent releases also help prevent apps from overusing resources like battery and memory.

“We want to proactively reduce fragmentation in the app ecosystem and ensure apps are secure.”

“We want to proactively reduce fragmentation in the app ecosystem and ensure apps are secure and performant while providing developers with a long window and plenty of notice in order to plan ahead,” writes the Android team in its blog post.

Additionally, the Play Console — the place where developer manage all phases of app publishing — will require in August 2019 that developers make sure their apps can run without 32-bit support on 64-bit operating systems. For apps that use native libraries, 64-bit code usually offers better performance in comparison to 32-bit.

Google says over 40 percent of Android devices coming online have 64-bit support. All of those devices are still maintaining 32-bit compatibility, but it’s anticipating future Android devices that support 64-bit code only.

Lastly, in a move that requires no action from developers, Google says it’ll be adding “a small amount” of security metadata on top of each APK to verify that it was officially distributed by Google Play — essentially providing a digital badge of authenticity.

Source: Android Developers Blog