Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Google to Improve Security and Privacy of Google Play Apps

Google to Improve Security and Privacy of Google Play Apps

Android developers will have to comply with two new requirements if they want their apps to be available on Google Play in the future. Those include supporting a recent Android version and adding support for 64-bit native code. Additionally, Google will start including some security metadata to improve APK authenticity verification.

According to Google, the main reason for requiring an app to support a recent API version is benefiting from security and privacy improvements that Google has been incrementally adding to the Android platform. This does not mean developers should stop supporting older Android versions, which is still encouraged. Rather, by targeting recent versions of the Android API, developers can ensure their apps no longer rely on features that were removed at some point, such as implicit intents for bindService, or behaviour that was deemed inappropriate, such as trusting user-added CAs by default or accessing user accounts without explicit approval. Similarly, by targeting recent API versions apps can leverage general improvements to the platform, such as background execution limits to improve battery amd memory usage.

Google will be requiring that new apps published on Google Play from August 2018 target at least API level 26 (Android 8.0) using the targetSdkVersion manifest attribute. The same requirement will be extended to app updates starting November 2018. For the future, the minimum allowed targetSdkVersion will be advanced so apps target the latest Android version within one year from its introduction. According to Google, apps that will not comply with this requirement will be restricted in future Android versions.

The requirement to support 64-bit CPUs only affects apps that include native libraries. Google says that over 40% of currently used Android devices have 64-bit support and that their performance is significantly improved by running 64-bit code. Google Play will still support 32-bit apps and devices, so 64-bit support is to be provided in addition to 32-bit support using a single APK or multiple APKs. Developers have almost two years time to transition to 64-bit, since this requirement will come into effect in August 2019.

Finally, in early 2018 Google will start to automatically add some metadata to each APK to certify it was officially distributed through Google Play. This change does not require any actions on developers’ part and will not affect apps behaviour but will be used in future to enable new distribution opportunities with the aim to help users to keep their apps up to date.

Rate this Article