Google says Android 14 will improve privacy and security

Google announced the first Android 14 developer preview this week and shared details on some of the security and privacy improvements that the platform update will bring.

Android 14 is expected to arrive on devices sometime in the fall, bringing new features and APIs, as well as behavioral changes that may affect apps. The purpose of the developer preview is to help app developers understand these changes and test their apps for compatibility issues.

One of the security enhancements that the platform update will bring is related to runtime receivers and builds on the changes introduced in Android 13, when Google instructed developers to specify whether broadcast receivers registered by their apps should be visible to other apps on the device.

Prior to Android 13, any app could send unprotected broadcasts to dynamically registered receivers that were not protected by signature permissions.

To help protect apps from security vulnerabilities, "apps and services that target Android 14 and register receivers using contexts need to specify a flag to indicate whether the receiver should be exported to all other apps on the device," Google said.

Android 14 also attempts to protect apps from malware that could intercept intents by restricting apps from sending intents to unspecified packages internally.

Additionally, apps can now send implicit intents only to exported components, and "must use explicit intents to pass to non-exported components, or mark the component as exported," the internet giant explained.

To prevent malicious use of dynamic code loading (DCL), apps built for Android 14 must mark dynamically loaded files as read-only. According to Google, developers should avoid dynamically loading code because it puts apps at risk of code injection or code tampering.

Because some malware versions use API level 22 (to avoid the runtime permissions model introduced in Android 6.0), Android 14 also blocks the installation of apps targeting API levels lower than 23. However, apps with a targetSdkVersion lower than 23 will remain installed.

Android 14 also comes with Credential Manager, a new Jetpack API that supports multiple login methods, including federated login solutions and keys, as well as classic username and password pairs.

Credential Manager, currently in alpha, allows users to create and save keys in Google Password Manager for passwordless authentication across devices in Android and Chrome.