Google wants to make Android more secure. And as Steve Kafka and Khawaja Shams of Android’s security and privacy team explain, a lot of steps have been taken over the past year to protect users from malicious actors.
In particular, Google indicates that it has improved its AI, as well as the process for reviewing apps that request integration on the Play Store. And thanks to these efforts, the firm would have blocked 1.2 million applications that did not respect the rules of the store, and banned 190,000 developer accounts. Besides that, 500,000 accounts that were inactive or abandoned were also reportedly deactivated.
Google also secures SDKs
Google has also strengthened the protection of user data compared to SDKs. As a reminder, these are “kits” developed by third parties that developers can add to their apps in order to add additional functionalities. However, this sometimes involves sharing user data.
“SDKs provide functionality to app developers, but sometimes it can be difficult to know when an SDK is safe to use. Last year, we engaged with SDK developers to create a safer Android and Google Play ecosystem. Through this work, SDK developers have improved the security of SDKs used by hundreds of thousands of applications impacting billions of users”says Google.
In addition, Google also wants to limit the amount of data developers have access to. “The best way to ensure the security of user data is to first limit access”believes the firm.
Thanks to this policy, 98% of applications that have migrated to Android 11 or later have reduced the sensitive data or APIs they have access to. And with Android 12, Google restricted access to an API called Accessibility API, which was particularly sensitive.
The Play Store now displays App Store-style privacy labels
And as we mentioned in a previous article, Google launched, this week, the sensitivity labels on the Play Store. As on the iOS App Store, this new section of the Android app store allows users to know what personal data will be processed by an app. This section also includes information on security practices (such as the use of an encryption system).
Finally, it should be remembered that currently, Google is working on an equivalent of Apple’s ATT, in order to fight against advertising tracking between Android applications. But before cracking down on advertising identifiers on Android, the firm will first have to find a solution that will allow developers to continue to monetize their apps by displaying relevant advertisements, while satisfying the privacy requirements of Internet users.