Google has announced several key policy changes for Android app developers to improve the security of users, Google Play, and apps provided by the service. They will take effect between May 11 and November 1, 2022, giving developers enough time to adapt to the new changes. According to BleepingComputer, some of the most important changes related to cybersecurity and fraud include:
New API level targetsStarting November 1, 2022, all newly released/published apps must target an Android API level released within one year of the last major Android version. API level targeting requirement for newly released applications Apps that fail to comply with this requirement will be rejected from Android's official app store, the Play Store. Existing apps that do not target an API level that is within two years of the latest major Android version will be removed from the Play Store. API level targeting requirement for existing applications The change is intended to force app developers to adopt stricter API policies to support newer Android versions, typically with better permission management and revocation, notification anti-hijacking, data privacy enhancements, phishing detection, and more. Google explained in a blog post that the reasoning behind this is simple: "Users with the latest devices or who are fully focused on Android updates want to take advantage of all the privacy and security protections that Android has to offer. Expanding our target level API requirements will protect users from installing older apps that may not have these protections." Users who need more time to migrate can apply for a 6-month extension. The move is expected to force some outdated apps to adopt safer practices, but it will also inevitably push some projects that are no longer actively developed out of the Play Store, causing users to turn to unknown sources to obtain APKs of their desired apps, increasing the risk of malware infection. Accessibility API AbuseAndroid's Accessibility API allows developers to create applications that can be used by people with disabilities, allowing the creation of different ways to control the device and use its applications. However, this feature is often abused by malware to perform actions on Android devices without the user's permission or even knowledge. Therefore, Google's new policy further restricts how it can be used:
Policy for package fetchingGoogle has also tightened the "REQUEST_INSTALL_PACKAGES" permission. It will take effect on July 11, 2022 and apply to all applications using API level 25 (Android 7.1) and above. Many malicious app publishers submit harmless code to the Play Store to get their submission approved, but users unknowingly introduce malicious modules after downloading and installing. Google hopes to strengthen supervision by enforcing a new permission policy. To use this permission, the core functionality of your app must include: sending or receiving app packages, enabling user-initiated installation of app packages. The functionality allowed will now be limited to web browsing or searching, communication services that support attachments, file sharing, transfer or management, and enterprise device management. The REQUEST_INSTALL_PACKAGES permission must not be used to perform self-updates, modify, or bundle other APKs in asset files, except for device management purposes. All updates or installations of packages must comply with Google Play's Device and Network Abuse Policy and must be initiated and driven by the user. This article is reproduced from OSCHINA Title of this article: Google adopts new development strategy to improve Android security Article URL: https://www.oschina.net/news/190791/google-dev-policy-changes-android-security |
<<: Different flavors of dependency injection in Swift
>>: ACM Distinguished Member Shuiwang Ji: Deep Learning in Quantum Chemistry and Physics
When it comes to Android phones, most people have...
If you visit old churches that are hundreds of ye...
"Everyone used to think that there was no ot...
The New Yorker recently reported that Chat GPT...
[[147991]] If you want to create a worst-case sce...
Why do I keep emphasizing virtual projects? Becau...
For a long time, many people have had certain mis...
The traditional auto industry is continuously inc...
At the Tianyi Mobile Phone Trade Fair, when China ...
Why is no one joining my community? Why can't...
[[360191]] According to domestic media reports, L...
Quickly improve your emotional intelligence and m...
2018 may be the year when everyone tried out TikT...
Snacks are a magical thing. When you are in a goo...