Improvising App Security – Google introduces new guidelines for Android Developers

Improvising App Security – Google introduces new guidelines for Android Developers Img
0 shares facebook twitter linkedin

Google’s Android and Apple’s iOS are close competitors in the mobile phone market. As each one releases new updates, the competition becomes more intense. This mobile platform war seems like second part of Windows v/s MacOS.

Well, giving a blow to the burning fire, Google has announced new app development guidelines for Android. Though Android brags a massive number of users, it holds second place whenever a comparison is drawn with iOS. But, Google is trying to plug the loopholes to make android have a fair win in the competition.

Google has announced three changes that it will gradually bring about in the years to come. Moreover, it has explained the reasons for each change and how those changes will help make Android devices become more secure and performance efficient.

The changes are aimed at creating a robust, secure platform, which will benefit both users and developers.

Schedule of releasing the guidelines:

1. Early in 2018:

Google has planned that Play console will add small metadata on top of each APK in order to enhance security.

This is just an additional change where the developers don’t require taking any action. It will strengthen the authenticity of the app at the time of verification process.

2. Second Half of 2018:

As stated, new apps and existing app updates will have to target a recent Android API level, to be part of Google Play. The new apps will have to adhere by these guidelines from August 2018 and the existing app updates from November 2018. The main reason for this change is to make sure that the apps are built on the latest APIs, which have been optimized for more security and better performance.

3. By August 2019:

Google Play console will require the new apps and app updates, with their native libraries, to provide 64-bit versions in addition to 32-bit versions.

Google has given this advance notice in order to help the developers plan their app releases accordingly. Further, reminders will be given and developer resources will be shared to keep the app developers well prepared.

Let’s have a glance at the changes that are proposed to take place:

a. Target Recent API level:

API plays a vital role in the security of the apps. Google has incorporated some behavioral changes in the API. These changes, to target recent API level, will increase the security and privacy protections of Android. It would help the developers in securing their apps and people by providing them malware protection. Few of the changes from recent platform versions are as follows:

  • Implicit intents that are required for bindService() in Android 5.0 is no longer supported.
  • Changes in Runtime permissions in case of Android 6.0
  • For secure connections, the user added CAs are not trusted by default, in case of Android 7.0
  • Explicit user approval is required by the apps to access user account,  in Android 8.0

Many of these changes apply to some selective apps, which declare explicitly their support for new API behaviors, with the help of targetSdkVersion attribute.

For instance, apps with targetSdkVersion 23 of API level, Android 6.0 or high give the user full control over what data or information apps can access with runtime permissions. Likewise, the latest release prevents the apps from using device resources such as battery and memory.

From August 2018, the Google Play console will require apps to target recent level of API. The new apps will have to target API level 26 i.e. Android 8.0 or high. Further, from November 2018, existing apps will also be required to target API level 26.

There will be advancement in targetSdkVersion from 2019 onwards. After each release of Android version, within the span of one year, the new apps and the updates will require to target corresponding API release.

The apps which do not receive any updates will not be affected. And, the developers will get enough freedom to build apps for older Android versions. But, it is advisable to the developers to provide backward compatibility. This is because the future versions of the Android will put restrictions on the apps that are not targeting recent API level.

b. Requirement of 64-bit support

The 64-bit architecture was first introduced in Android 5.0 and at present, approx. 40% of Android Devices have 64-bit support, while still being compatible with 32-bit. With registers and new instruction set, the 64-bit code offers better performance, for the apps using native libraries.

Anticipating future Android devices, the Google Play will require apps to have 64-bit version along with the 32-bit version. This change could be incorporated either in single APK or in one of the several APKs being published. However, Google Play will continue to support apps and devices having 32 bit version; and the apps without native code are unaffected.

This change will get implemented by August 2019. This heads-up is given now, to provide developers ample amount of time, who don’t yet support 64-bit, to plan the transition accordingly.

c. Metadata for Security

Google has planned to add a small metadata on top of each APK. This is done to verify that it has been distributed officially by Google Play. Like a badge or label on a product which indicates its authenticity. This addition of security metadata to the APK is similar to having a badge of authenticity by Google Play, for any Android app.

This is an automatic addition to the APK and requires no action by the developers or users. The metadata is added in the APK Signing Block taking into account the maximum APK size of Google Play. This won’t hamper the functionality of the app. The security metadata addition in the APK would open up new distribution opportunities for the developers. Also, it would help people to keep their apps updated.

Signing Off:

There is an increase in the number of Android apps and therefore, it becomes vital for Google to enhance Android app development, mainly on two factors – security and performance. The former factor i.e. security becomes more important, because Google’s competitor – Apple has already won the competition on it. Well, the year 2018 and the following years are going to be crucial for mobile app development.

We, at Multidots provide mobile app development services, adhering to all the guidelines announced by Google. If you want to incorporate same into your android App, get in touch now.

0 Shares facebook twitter linkedin

Leave a Reply

Your email address will not be published. Required fields are marked *

Hire Expert
WordPress Developers
Hire Now... Hire WordPress Developers