Google Tasks Developers to Help It Improve Play Store Security

Google has changes in store for the Play Store beginning in mid 2018 that will require developers to make some adjustments to their applications. The moves are meant to bolster security not only in the Play Store, but on end-user handsets as well. Here are the three major updates on deck and what they mean for you. 

First, starting in June 2018 all new apps will need to target API level 26 (Android 8 Oreo) or higher. Existing apps in the Play Store will have until November 2018 to make this same API target change. Moving into 2019, apps will need to target whatever the latest API level is. 

Google put a number of security enhancements into Oreo and it wants all apps to adopt those measures moving forward. Targeting API level 26 will add these protections. Some of the security tools in Oreo include giving users control over what private data apps can access through expanded permissions. Furthest, Oreo helps people and devices conserve power by preventing them from overusing resources, such as battery and memory. Oreo offers lots of limits on background processes, providing a nice performance boost to Oreo devices.

Google says apps that are no longer being updated by the developer will be exempt from this change, though it is encouraging all developers to make the recommended changes.

“Future Android versions will also restrict apps that don't target a recent API level and adversely impact performance or security,” explained Google. “We want to proactively reduce fragmentation in the app ecosystem and ensure apps are secure and performant while providing developers with a long window and plenty of notice in order to plan ahead.”

Second on the list of changes: 64-bit support will be mandatory beginning in 2019. Android has supported 64-bit since Android 5.0 Lollipop. Google says more than 40% of all Android devices already support 64-bit, though they maintain backward support for 32-bit. The benefit of 64-bit code boils down to significantly better app performance. 

The Play Store will require new apps and app updates provide 64-bit versions in addition to 32-bit versions. Google says this can be contained in a single APK or multiple APKs. To be clear, GOogle is not removing support for 32-bits. The Play Store will continue to support 32-bit apps and devices. Google says it is providing advance notice so developers have time to update their code ahead of the transition. More information will be available next year. 

Third and last, prepare for some new security metadata. Google says beginning next year it will add a small amount of metadata on top of each APK for security purposes. This is to verify official apps.

“Often when you buy a physical product, you'll find an official label or a badge which signifies the product's authenticity,” explained Google. “The metadata we're adding to APKs is like a Play badge of authenticity for your Android app.”

Developers won’t need to do anything with respect to this change. Nor will end users. If you’re worried about your APK size, fear not. Google will adjust the Play Store’s maximum APK size to account for the added data. Google insists this will make for “new distribution opportunities for developers” down the road and increase trust in Play Store apps. 

“We deeply appreciate our developer ecosystem, and so hope this long advance notice is helpful in planning your app releases. We will continue to provide reminders and share developer resources as key dates approach to help you prepare,” concluded Google.

Be sure to read the next Mobile article: Android P APIs Target AI, Location, Multimedia, Payments and More