By Regarding the Android threat landscape, we believe in the science of big numbers. Google touts “a vibrant ecosystem with billions of users around the globe and millions of helpful apps,” so it’s no wonder that the amount of threats it intercepts and removes is equally enormous and outstanding. However, Google’s report card for last year does not tell the whole story. The true story is about how Android is being locked down and why you’ll need a newer model phone in 12 weeks.
Google claims that its “AI-powered threat detection, stronger privacy policies, supercharged developer tools, new industry-wide alliances, and more” resulted in the removal of over 2 million “policy-violating apps” from the Play Store last year, as well as the ban of “more than 158,000 bad developer accounts that attempted to publish harmful apps.” More importantly, Google claims to have “prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data.”
Permission abuse is widespread on Google, and the company’s efforts to tighten up are good. Despite the fact that over a million apps did not receive permissions they did not require, many others did. Just a week ago, I reported on some of the most popular cryptocurrency apps on the Play Store raising “alarming security and privacy concerns” due to their permissions, and late last year on “the 50 most popular apps” appearing to have “no limits” on the sensitive permissions asked and subsequently misused. Don’t think Google’s large numbers suggest that all of the difficulties have been solved. At least, not yet. This remains a work in progress.
The two most important additions from Google’s blog post are about what’s coming up rather than what has already happened. I’ve previously reported on new on-device monitoring to “automatically revoke app permissions for potentially dangerous apps,” which is a significant step in the right direction and should be appreciated by users. As and when you notice on-screen prompts advising you to uninstall
The other highlight closes the gap with the iPhone by removing some of the weaker limitations that allowed threats to fester more easily in its ecosystem than in Apple’s. “The Play Integrity API,” explains Google, “allows developers to check if their apps have been tampered with or are running in potentially compromised environments, helping them to prevent abuse like fraud, bots, cheating, and data theft.” It also highlights that “apps using Play integrity features are seeing 80% lower usage from unverified and untrusted sources on average,” and that “over 91% of app installs on the Google Play Store now use the latest protections of Android 13 or newer.”
Those final two statistics are essential. Because Google’s Play Integrity API is changing, and for the 750-million-plus Android 12 or older users, you may need to get a new phone if you can’t run a newer OS to maintain your apps working as they do today. According to Google, “We’re changing the technology that powers the Play Integrity API on all devices running Android 13 and above to make it faster, more reliable, and more private for users.” The security wrap will now prioritise hardware-backed security signals, making it more difficult and costly for attackers to circumvent.
Simply put, an app may assess a device’s security before determining how to run. And that decision will be influenced in part by the number of recent security patches and the operating system installed. If it’s older than Android 13, it will give “apps with higher security needs, like banking and finance apps, governments, and enterprise apps, more ways to tailor their level of protection for sensitive features, like transferring money.”
Around one-third of Android devices are running Android 12 or older, indicating that a large percentage of users are most likely out of support and are not keeping their devices secure. Banking and other apps will no longer function as they do today, following this upgrade. If you need these apps, you’ll also need an operating system and possibly a device upgrade when the Play Store update is fully implemented.
The enhanced Play Integrity API was made available to developers in December and is now required for new apps. It will become necessary across the board in May. That’s only 12 weeks from now. At that point, all consumers must be using a relatively new gadget with a relatively fresh OS. You’ve been warned.
Views: 68
