With a new set of developer policy updates, Google improves Android security

Starting from November 1, 2022, all newly released/published apps must target an Android API level released within one year from the latest major Android version release. Those that fail to abide by this requirement will be rejected from inclusion in the Play Store, Android’s official app store.

Figure: API level targeting requirement for newly published apps (Google)

Google has announced a number of important policy changes for Android app developers that will improve the security of users, Google Play, and the apps available through the service. These new developer requirements will be in effect from May 11th through November 1st, 2022, allowing developers plenty of time to adjust. The following are the most important policy changes linked to cybersecurity and fraud that will be implemented:

Highlights

  • As Google explains in the blog post about the new policy: “users with the latest devices or those who are fully caught up on Android updates expect to realize the full potential of all the privacy and security protections Android has to offer.” App developers that need more time to migrate to more current API levels may request a six-month extension, although this is not guaranteed for everyone.

  • Existing apps that do not target an API level within two years of the latest major Android version will be removed from the Play Store and will no longer be discoverable. This change aims to force app developers to adopt the stricter API policies that underpin newer Android releases, typically better permission management and revoking, notification anti-hijacking, data privacy enhancements, phishing detection, splash screen restrictions, and more.

Figure: API level targeting requirements for existing apps (Google)

This policy change is expected to force many outdated apps to adopt more secure practices but will also inevitably push several projects that are no longer actively developed outside the Play Store. One side effect of the latter could be people turning to obscure sources to get an APK of their favorite app, only to get scammed and infect themselves with malware.

Android’s Accessibility API allows developers to create apps that can be used by those with disabilities, allowing the creation of different ways to control the device and use its applications. However, this feature is commonly abused by malware [1, 2] to perform actions on an Android device without the user’s permission or even knowledge. Google’s new policies further restrict how this API can be used, as listed below.

  • Change user settings without their permission or prevent the ability for users to disable or uninstall any app or service unless authorized by a parent or guardian through a parental control app or by authorized administrators through enterprise management software;

Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. An open source advocate and Linux enthusiast, he is currently finding pleasure in following hacks, malware campaigns, and data breach incidents, as well as in exploring the intricate ways through which tech is swiftly transforming our lives.

I personally like the time saving of the Accessibility API. I only recently did a massive purge of my phone of cache and deleting unused apps. It would have taken me forever. Hope it isn’t banned completely.