Google Plans To Improve App Security: How can it affect your Android App?

With the rise of Android apps, Google Play has strived to focus on security and performance! There are more than 2 million Android devices, and in the year 2017, 82 billion apps were installed on Google Play. So, it is vital that Google Play makes it a positive experience for their users to discover and install apps that they love.
​
Source: https://www.androidcentral.com/over-82-billion-apps-have-been-installed-google-play-last-year

As we know, every Android application operates within a “process sandbox”. These silos can detect malware and contain them. But if the app requires data sources outside of its unique sandbox, they require permission. Even though Google has tried to keep the app secured, scanners don’t manage to catch everything. The user is not updated about the new permission until he/she updates the app. This makes the users data exposed to malware.
Hence, in the year 2018, Google has announced enhancements for increasing the security and performance for the app. Edward Cunningham, Product Manager of Android states that there are going to be three key changes in year 2018-2019.

Changes in API Requirement

In the second half of 2018, the new apps and app updates in Google Play must be built on APIs which can be optimized for performance and security. Google Play console will require the following updates:

• August 2018: New apps required to target API level 26 (Android 8.0) or higher.
• November 2018: Updates to existing apps required to target API level 26 or higher.
• 2019 onwards: Each year the targetSdkVersion requirement will advance. Within one year following each Android dessert release, new apps and app updates will need to target the corresponding API level or higher.

This update will encourage the developers to create apps that have the latest user-interfacing interface, along with security enhancements. On the other hand, apps that do not adhere to the latest API update will be restricted. Google Play states that it wants to “proactively reduce fragmentation in the app ecosystem”.

64-bit Support Equipment

By August 2019, Android devices will only support the 64-bit code. Android 5.0 Lollipop was the first mobile operated system that introduced higher architecture. Today, more than 40% of devices support 64-bits, and at the same time maintain the 32-bit compatibility.
“The Play Console will require that new apps and app updates with native libraries provide 64-bit versions in addition to their 32-bit versions. This can be within a single APK or as one of the multiple APKs published.”
 
Source: https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html

Security Metadata

In early 2018, Google Play plans to start adding a small amount of security metadata on top of each APK to verify the authenticity of the app. The developers or end users have to take no action on this update. This metadata is small and will not alter the functionality of the app. Google Play has further stated, “This metadata will enable new distribution opportunities for developers in the future and help more people keep their apps up to date”.
The metadata that will be added to APK will be like a Play badge of authenticity for the Android app. This will be just like the ‘Trust’ badge that is seen while buying any authentic product. Google Play further states, “We'll adjust Play's maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block and does not alter the functionality of your app. In addition to enhancing the integrity of Play's mobile app ecosystem, this metadata will enable new distribution opportunities for developers in the future and help more people keep their apps up to date”.
Source: https://android-developers.googleblog.com/2017/12/improving-app-security-and-performance.html

Additional Security Measurements

Further, Android is imposing restrictions on giving permissions. Permissions are of two types: dangerous and normal. When the app requests for the user’s calendar, camera, contacts, location, microphone, SMS or storage, they are classified as dangerous permissions, which are as of now granted. But by the year 2019, every call for private data will be in the hands of the user.
Another component of Android’s security changes is the function that prevents the OS from trusting user-added certificate authorities (CAs) by default. The goal for changing how Android treats CAs is to provide secure app traffic. Android now offers a standardized protocol for integrating trusted system CAs.  

Conclusion

Google Play has gone tremendously in the year 2017 by reducing the risk within the Android app ecosystem. Although, Google cannot predict the new malware of tomorrow, it is taking all the measures to improve security and provide a seamless experience to the user. In the year 2018-2019, we can foresee the measurements that will be taken to protect user data for Android users, thereby improving app security.