Google is initiating its annual security push in order to protect end users and improve the experience of using Android devices. Google has set a new schedule for developers in which it asks them to build their apps for Android 9 Pie starting in August. A firm deadline is set for November.
As new Android versions arrive each year, so too do upgrades to Android security. Android 9 Pie took a big step forward as far as security is concerned by including a new way to handle biometric data. More importantly, Android 9 Pie targets certain behaviors in-app distribution points, such as the Google Play Store.
Since last November, Google has required all app updates distributed through the Play Store to target Android 8 Oreo (API level 26). Starting in August, all new apps will be required to target API level 28, or Android 9 Pie. By November, all updates to existing apps will be required to target API level 28 or higher. Google says existing apps that are no longer being updated can remain as is.
Google is not exempting other distribution points from this requirement. App stores in China run by manufacturers including Huawei, Xiaomi, Oppo, Vivo, Baidu, Alibaba, and Tencent will be mandated to target API level 26.
Google is taking things a step further.
"Over 95% of spyware we detect outside of the Play Store intentionally targets API level 22 or lower, avoiding runtime permissions even when installed on recent Android versions," said Google. "To protect users from malware, and support this ecosystem initiative, Google Play Protect will warn users when they attempt to install APKs from any source that [does] not target a recent API level."
The warnings will be obvious to end users. Starting in August, users will be warned when they try to install an app that does not target API level 26 or up. In November, updates to existing apps will trigger warnings if they don't support API level 26. Starting in 2020, Google says the target API level requirement will continue to advance.
Google notes the warnings will only be triggered when the app targets an API level that's lower than that of the device itself.
"For example, a user with a device running Android 6.0 (Marshmallow) will be warned when installing any new APK that targets API level 22 or lower," explained Google. "Users with devices running Android 8.0 (Oreo) or higher will be warned when installing any new APK that targets API level 25 or lower."
The warnings will first show up in developer builds so app writers can get a taste of what's in store for users should the developer not update his or her app. Users won't be warned when using existing apps that have not been updated.
Google has some suggestions on how developers should get the ball rolling for updating their target API level. You can get started here.