Google’s plans for improving app security – What does it mean for developers?

Tech giant Google’s Android OS runs on more mobile devices than any other operating system in the world. In 2017 alone, 82 billion apps were installed from the Play store. App security has always been one of the major requisites that end users demand. There can be no compromise on the security front. Google developers and support teams are working in innovative ways to achieve higher data security levels.
Mobile applications collect a lot of user information that includes name, email id, location and much more. Google recently launched an enhanced security and performance improvements for 2018. Developers can expect changes to be made to how apps access user accounts. The user’s system data and device features will not be accessible to apps without explicit permission. This change will enforce protection against malware and ensure overall security.
For access to protected device data, developers must include permission tags in the app manifest. From the second half of 2018, new apps will have to operate at the most recent API level. Users will receive the list of permissions at run-time and can be revoked at their leisure, thereby giving them complete control over what private data is accessed by their most used apps.
These updates are aimed to limit the mobile app’s access to potentially dangerous permissions. Requests for a user’s calendar, camera, contacts, location, microphone, SMS, or storage are classified under the dangerous permissions group. Currently, if an app gains access to any function under this group, the system will automatically grant access any other function within that group. But in future developers will have to keep in mind that every call for private data will rely on user authorization.
Although these new updates will limit security risks, they might lead to reduced functionality and user experience. So far, android has helped developers to use data information to enhance functionality for better user experience. However, the new security limitations, functional details like remembering passwords, capturing text, and even personalizing colors and graphics will all be subject to the new rules.
The security overhaul will by default prevent the OS from trusting user-added certificate authorities (CAs). The safe-by-default option was implemented to promote uniformity while managing file based app data. The new development guidelines offer a standardized protocol for integrating trusted system CAs by implementing improved APIs for defining trust. Another major change that will be implemented in 2019 is that the developers will have to build their apps on the 64 bit version apart from the 32 bit version. To further reinforce the authenticity of the app, Google is going to add more security metadata on top of the APK.
All the above mentioned guidelines will have to be followed by developers while launching or updating their apps. With the increase in the number of android apps on the play store, it has become important to upgrade security measures and also ensure unmatched performance.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s