Continue to improve the security and performance of Android applications


Every year, Google Play drives billions of app installs and updates. We are committed to improving app security and performance so that every user gets the best experience when exploring and installing their favorite apps and games.

Today, we would like to briefly explain three changes for Android developers, the reasons behind them, and how they help Android devices run more securely and smoothly.

  • Starting from the second half of 2018, Google Play requires new apps and app updates to set the target SDK version to the latest version. For newly released apps, this change will be implemented in August 2018; for updates to existing apps, it will take effect from November 2018. Developers should note these dates to ensure that their apps are built against the latest APIs and benefit from their security and performance optimizations.

  • Starting in August 2019, Google Play requires that new apps and app updates that include native libraries provide 64-bit versions in addition to their 32-bit versions.

  • In addition, starting in the first half of 2018, Google Play will add a small amount of security metadata to the header of each APK to further verify the authenticity of the App. This change does not require any action on the part of the developer.

We attach great importance to the developer ecosystem and hope this article helps you release your apps successfully. We will continue to issue reminders and share developer resources to help you prepare well ahead of the key dates.

New target API level requirements starting from the second half of 2018

API behavior changes improve Android security and privacy protection, helping developers secure their apps and protect users from malware. The following are several API changes introduced in recent platform versions:

  • Implicit intents are no longer supported for bindService() (Android 5.0)

  • Request permissions at runtime (Android 6.0)

  • By default, the CA certificate added by the user for secure connection is no longer trusted (Android 7.0)

  • The App cannot access the user account without the user's explicit approval (Android 8.0)


These changes apply only to apps that explicitly declare support for the new API behavior through the targetSdkVersion manifest attribute. For example, only in apps with a targetSdkVersion of 23 (the API level of Android 6.0) or higher can users fully control, through runtime permissions, which private data the app can access, such as contacts and location information.

Similarly, several recent releases have also improved the user experience, for example by preventing apps from suddenly over-consuming resources such as battery and memory. Background execution limits are a good example.

To give users the best Android experience, the Google Play Console will require apps to set the target API level to the latest version:

  • August 2018: New apps need to set the target API level to 26 (Android 8.0) or higher

  • November 2018: Updates to existing apps need to set the target API level to 26 or higher

  • After 2019: The targetSdkVersion requirement will be raised every year. Within one year of each new Android release, new apps and app updates need to target the corresponding API level or higher.

Existing apps that are no longer updated will not be affected. Developers remain free to choose their own minSdkVersion, so they can still build apps for older versions of Android.

We recommend that developers provide backward compatibility as far as possible. In the future, the Android system will place restrictions on apps that do not meet the API requirements and fall short on security and performance. We will take proactive measures to reduce fragmentation of the app ecosystem and ensure that apps run safely and smoothly. We will notify developers in advance so that you can plan accordingly.

This year we officially released Android Oreo. In terms of security and performance, Oreo is currently the best version of Android. At the same time, we also released Project Treble to speed up system updates on devices. Please start developing apps for Android 8.1 Oreo now.

64-bit support will be required starting in 2019

Android has supported 64-bit architectures since Android 5.0. So far, 40% of Android devices support 64-bit while remaining compatible with 32-bit. For apps that use native libraries, 64-bit code usually provides significantly better performance, because the architecture offers a larger number of registers and an updated instruction set.

Android devices may in the future support only 64-bit code, so the Google Play Console will require new apps and app updates to be able to run on devices without 32-bit support. Apps that include 32-bit libraries must also include 64-bit versions of them; these can be packaged in the same APK or shipped as one of multiple APKs. Apps that do not contain native code are not affected by this requirement.

The above changes will take effect from August 2019. We are giving advance notice so that developers have sufficient time to prepare 64-bit support. We will follow up with a series of articles that discuss in depth the performance optimizations 64-bit native libraries bring to Android, so stay tuned. For more information, please refer to the Android NDK guide on CPUs and architectures:

https://developer.android.google.cn/ndk/guides/arch.html
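
A pre-release check for the 64-bit requirement described above, as an added example that is not part of the original article. It assumes the standard APK layout, where native libraries sit under `lib/<abi>/` with the NDK ABI directory names, and it inspects a single APK only (the multiple-APK option is not covered); the sample APK is constructed in memory.

```python
import io
import zipfile
from collections import defaultdict

# 32-bit ABI directory -> the 64-bit ABI directory that must accompany it.
ABI_PAIRS = {"armeabi": "arm64-v8a", "armeabi-v7a": "arm64-v8a", "x86": "x86_64"}


def native_libs_by_abi(apk):
    """Map ABI directory name -> set of .so names found under lib/<abi>/."""
    libs = defaultdict(set)
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            if len(parts) == 3 and parts[0] == "lib" and parts[2].endswith(".so"):
                libs[parts[1]].add(parts[2])
    return dict(libs)


def missing_64bit(apk):
    """Return {abi32: [libraries with no 64-bit counterpart in this APK]}."""
    libs = native_libs_by_abi(apk)
    report = {}
    for abi32, abi64 in ABI_PAIRS.items():
        gap = libs.get(abi32, set()) - libs.get(abi64, set())
        if gap:
            report[abi32] = sorted(gap)
    return report  # empty dict: no native code, or every 32-bit lib is paired


def build_sample_apk(entries):
    """Constructed sample: an in-memory ZIP with placeholder file contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in entries:
            zf.writestr(name, b"constructed placeholder")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    apk = build_sample_apk([
        "classes.dex",
        "lib/armeabi-v7a/libfoo.so",
        "lib/armeabi-v7a/libbar.so",
        "lib/arm64-v8a/libfoo.so",  # libbar.so has no arm64-v8a build
    ])
    print(missing_64bit(apk))
```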

Adopting security metadata in the first half of 2018

Starting next year, we will add a small amount of security metadata at the top of each APK to verify that the app was officially distributed through Google Play. Just as the trademark printed on a product you buy lets you judge whether it is genuine, the metadata we add to the APK serves the same purpose: it tells users that the app was officially downloaded from Google Play.

This change does not require any action by developers or users. We will adjust the maximum APK size allowed by Google Play to account for the added metadata, which is inserted into the APK Signing Block and has no effect on the app's functionality. This metadata not only strengthens the integrity of the Google Play mobile app ecosystem, but also gives developers new distribution opportunities and helps more users enjoy the latest apps.
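
To see what is stored in an APK Signing Block, the following added example (not part of the original article) locates the block in front of the ZIP central directory and lists its ID-value pairs. The sample APK is constructed in memory, and the second pair ID is a made-up placeholder, since the article does not give the ID Google Play uses for its metadata.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"  # final 16 bytes of the APK Signing Block
V2_ID = 0x7109871A           # block ID of APK Signature Scheme v2


def find_central_directory(data):
    """Return (EOCD offset, central directory offset) of a ZIP/APK."""
    eocd = data.rfind(b"PK\x05\x06")  # assumes no ZIP comment with this marker
    if eocd < 0 or eocd + 22 > len(data):
        raise ValueError("no End of Central Directory record")
    return eocd, struct.unpack_from("<I", data, eocd + 16)[0]


def signing_block_pairs(data):
    """Return [(id, value)] from the APK Signing Block, or [] if there is none."""
    _, cd = find_central_directory(data)
    if cd < 32 or data[cd - 16:cd] != MAGIC:
        return []
    size = struct.unpack_from("<Q", data, cd - 24)[0]  # footer copy of the size
    start = cd - size - 8                              # size excludes the first field
    if start < 0 or struct.unpack_from("<Q", data, start)[0] != size:
        raise ValueError("APK Signing Block size fields disagree")
    pairs, pos, end = [], start + 8, cd - 24
    while pos < end:
        length, pair_id = struct.unpack_from("<QI", data, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("malformed ID-value pair")
        pairs.append((pair_id, bytes(data[pos + 12:pos + 8 + length])))
        pos += 8 + length
    return pairs


def build_sample_apk(pairs):
    """Constructed sample: one-entry ZIP with a signing block spliced in."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"constructed placeholder")
    raw = bytearray(buf.getvalue())
    eocd, cd = find_central_directory(raw)
    body = b"".join(struct.pack("<QI", len(v) + 4, i) + v for i, v in pairs)
    size = struct.pack("<Q", len(body) + 24)
    block = size + body + size + MAGIC
    struct.pack_into("<I", raw, eocd + 16, cd + len(block))  # shift CD offset
    return bytes(raw[:cd] + block + raw[cd:])


if __name__ == "__main__":
    # 0x11223344 is a hypothetical ID standing in for store-added metadata.
    apk = build_sample_apk([(V2_ID, b"signer data"), (0x11223344, b"metadata")])
    for pair_id, value in signing_block_pairs(apk):
        print(hex(pair_id), len(value), "bytes")
```

Because the block sits between the ZIP entries and the central directory, ordinary ZIP readers still open the file unchanged, which is why adding pairs to it does not affect the app's contents.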

Looking to the future

2017 has been an extraordinary year for Google Play. Together, we have witnessed the growth and success of many developers. We have been working hard to improve various features (including those previously announced at the Google I/O 2017 developer conference and the Playtime conference) to help developers improve app quality and create more business value.

We hope that these features and upcoming updates will help the Android and Google Play ecosystem continue to flourish in 2018 and beyond.