Android Developers Blog

How we fought bad apps and malicious developers in 2018

13 February 2019

Posted by Andrew Ahn, Product Manager, Google Play

Google Play is committed to providing a secure and safe platform for billions of Android users on their journey discovering and experiencing the apps they love and enjoy. To deliver against this commitment, we worked last year to improve our abuse detection technologies and systems, and significantly increased our team of product managers, engineers, policy experts, and operations leaders to fight against bad actors. In 2018, we introduced a series of new policies to protect users from new abuse trends, detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55 percent, and we increased app suspensions by more than 66 percent. These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps. In addition to identifying and stopping bad apps from entering the Play Store, our Google Play Protect system now scans over 50 billion apps on users' devices each day to make sure apps installed on the device aren't behaving in harmful ways. With such protection, apps from Google Play are eight times less likely to harm a user's device than Android apps from other sources. Here are some areas we've been focusing on in the last year and that will continue to be a priority for us in 2019:

Protecting User Privacy Protecting users' data and privacy is a critical factor in building user trust. We've long required developers to limit their device permission requests to what's necessary to provide the features of an app. Also, to help users understand how their data is being used, we've required developers to provide prominent disclosures about the collection and use of sensitive user data. Last year, we rejected or removed tens of thousands of apps that weren't in compliance with Play's policies related to user data and privacy. In October 2018, we announced a new policy restricting the use of the SMS and Call Log permissions to a limited number of cases, such as where an app has been selected as the user's default app for making calls or sending text messages. We've recently started to remove apps from Google Play that violate this policy. We plan to introduce additional policies for device permissions and user data throughout 2019.

Developer integrity We find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks. When malicious developers are banned, they often create new accounts or buy developer accounts on the black market in order to come back to Google Play. We've further enhanced our clustering and account matching technologies, and by combining these technologies with the expertise of our human reviewers, we've made it more difficult for spammy developer networks to gain installs by blocking their apps from being published in the first place.

Harmful app contents and behaviors As mentioned in last year's blog post, we fought against hundreds of thousands of impersonators, apps with inappropriate content, and Potentially Harmful Applications (PHAs). In a continued fight against these types of apps, not only do we apply advanced machine learning models to spot suspicious apps, we also conduct static and dynamic analyses, intelligently use user engagement and feedback data, and leverage skilled human reviews, which have helped in finding more bad apps with higher accuracy and efficiency. Despite our enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors. We will continue to enhance our capabilities to counter such adversarial behavior, and work relentlessly to provide our users with a secure and safe app store.

How useful did you find this blog post?

★ ★ ★ ★ ★

An Update on Android Things

12 February 2019

Posted by Dave Smith, Developer Advocate for IoT Over the past year, Google has worked closely with partners to create consumer products powered by Android Things with the Google Assistant built-in. Given the successes we have seen with our partners in smart speakers and smart displays, we are refocusing Android Things as a platform for OEM partners to build devices in those categories moving forward. Therefore, support for production System on Modules (SoMs) based on NXP, Qualcomm, and MediaTek hardware will not be made available through the public developer platform at this time. Android Things continues to be a platform for experimenting with and building smart, connected devices using the Android Things SDK on top of popular hardware like the NXP i.MX7D and Raspberry Pi 3B. System images for these boards will remain available through the Android Things console where developers can create new builds and push app updates for up to 100 devices for non-commercial use. We remain dedicated to providing a managed platform for IoT devices, including turnkey hardware solutions. For developers looking to commercialize IoT products in 2019, check out Cloud IoT Core for secure device connectivity at scale and the upcoming Cloud IoT Edge runtime for a suite of managed edge computing services. For on-device machine learning applications, stay tuned for more details about our Edge TPU development boards.

Google releases source code of Santa Tracker for Android 2018

29 January 2019

Posted by Chris Banes, Chief Elf of Android Engineering Today, we pushed the source code for Google's Santa Tracker 2018 Android app at google/santa-tracker-android, including its 17 mini-games, Santa tracking feature, Wear app and more!

Visually the app looks much the same this year, but underneath the hood the app has gone on a massive size reduction exercise to make the download from Google Play as small as possible. When a user downloads the app the initial download is now just 9.2MB, compared to last year's app which was 60MB. That's a 85% reduction! 🗜️ Android App Bundle We achieved that reduction by migrating the app over to using an Android App Bundle. The main benefit is that Google Play can now serve dynamically optimized APKs to users' devices. Moreover, we were also able to separate out all of the games into their own dynamic feature modules, downloaded on demand. This is why you might have seen a progress bar when you first opened a game, we are actually downloading the game from Google Play before starting the game:

The progress bar shown while a game is fetched from Google Play You can read more about our journey migrating over to App Bundle in a small blog series, starting with our 'Moving to Android App Bundle' post. Gboard stickers One of the new features we added this year was a Gboard sticker pack, allowing users to share stickers to their friends. You might even notice some of the characters from the games in the stickers!

'Santa Dunk' is one of the 20 available stickers We use Firebase App Indexing to publish our stickers to the local index on the device, where the Gboard keyboard app picks them up, allowing the user to share them in apps. You can see the source code here.

The sticker pack being used in a very important conversation Lots of code improvements Aside from the things mentioned above, we've also completed a number of code health improvements. We have increased the minimum SDK version to Lollipop (21), migrated from the Support Library to AndroidX, reduced the file size of our game assets by switching to modern formats, and lots of other small improvements! Phew 😅. Go explore the code If you're interested go checkout the code and let us know what you think. If you have any questions or issues, please let us know via the issue tracker.

Google Mobile Developer Day is coming to GDC 2019

23 January 2019

Posted by Kacey Fahey, Developer Marketing, Google Play

We're excited to be part of the Game Developers Conference (GDC) 2019 in San Francisco. Join us on Monday, March 18th at the Google Mobile Developer Day, either in person or over live stream, for a full day of sessions covering tools and best practices to help build a successful mobile games business on Google Play. We'll focus on game quality, effective monetization and growth strategies, and how to create, connect, and scale with Google. This year's sessions are focused on tips and tools to help your mobile game business succeed. Come hear our latest announcements and industry trends, as well as learnings from industry peers. We will hold a more technical session in the second half of the day, where we'll share ways to optimize your mobile game's performance for the best possible player experience. Also, make sure to visit the Google booth from Wednesday March 20th until Friday March 22nd. Here, you will be able to interact with hands-on demos, attend talks in the theater, and get your questions answered by Google experts. We're bringing a big team and hope to see you there. Learn more about Google's activities throughout the week of GDC and sign up to stay informed. For those who can't make it in person, join the live stream starting at 10am PST on Monday, March 18th. These events are part of the official Game Developers Conference and require a pass to attend. Stay up to date

How useful did you find this blog post?

★ ★ ★ ★ ★

Grow your app business internationally through localization on Google Play

16 January 2019

Posted by Chris Yang, Program Manager, Translation Service It is not uncommon for developers to have the following concerns and thoughts when considering whether to localize their apps: "I just don't have the time!" "Translation is too expensive." "High-quality translation is just hard to find.'' Does this sound familiar? At Google, we consider translation a key component of making the world's information universally accessible and useful. This commitment extends not only to localizing our own products, but also to providing tools to help developers and translators more easily localize their apps. Introducing the Google Play App Translation Service Available in the Google Play Console, the Google Play App Translation Service simplifies localization of your app user interface strings, store listing, in-app product names, and universal apps campaign ads. Thousands of developers have already used this service to reach hundreds of millions of users worldwide. Here is an overview of some of the ways it can help: 1. Quick and easy - Order in minutes and receive your translation in as little as two days.

Small translation orders can be completed in only two days. All orders are completed in eight days or less.

Apply translations directly in the Play Console or download to build with your app.

2. Professional and human - Get high-quality translations by real human translators.

All translations are carefully crafted by professional translators just for you.

Translation providers are selected by Google based on quality and speed.

3. Value for money - Translate your app for as little as $0.07 per word.

Pricing is upfront and simple. You only pay per word for each language you translate.

For example, translating 200 words into one language at $0.07 per word would cost only $14.

Ordering a Translation Find the Translation Service in the Google Play Console:

When you're ready to translate, just select the languages to use for translation, choose a vendor, and place your order.

Select languages to translate into.

Choose what type of content you want to translate.

Easily complete purchase of the service. Language recommendations You can also expand your global footprint with translation recommendations that can help increase installs. The recommendations can be found in the Google Play Console.

The language recommendation feature is developed using machine learning and is based on your app's install history and market data. Did you know that you can reach almost 80% of internet users worldwide with only 10 languages. In particular, the Google Play opportunity in Russia and the Middle East continues to grow. Let us know once you have localized for these markets so we can consider featuring your app or game in the Now in Russian and Now in Arabic collections on the Play Store. Launching the translation Once you download the translation, you'll be ready to publish your newly translated app update on Google Play. Get started with the App Translation Service today and let us know what you think!

How useful did you find this blog post?

★ ★ ★ ★ ★

Get your apps ready for the 64-bit requirement

15 January 2019

Posted by Vlad Radu, Product Manager, Play and Diana Wong, Product Manager, Android
64-bit CPUs deliver faster, richer experiences for your users. Adding a 64-bit version of your app provides performance improvements, makes way for future innovation, and sets you up for devices with 64-bit only hardware.
We want to help you get ready and know you need time to plan. We’ve supported 64-bit CPUs since Android 5.0 Lollipop and in 2017 we first announced that apps using native code must provide a 64-bit version (in addition to the 32-bit version). Today we’re providing more detailed information and timelines to make it as easy as possible to transition in 2019.

The 64-bit requirement: what it means for developers

Starting August 1, 2019:

All new apps and app updates that include native code are required to provide 64-bit versions in addition to 32-bit versions when publishing to Google Play.
Extension: Google Play will continue to accept 32-bit only updates to existing games that use Unity 5.6 or older until August 2021.

Starting August 1, 2021:

Google Play will stop serving apps without 64-bit versions on 64-bit capable devices, meaning they will no longer be available in the Play Store on those devices.
This will include games built with Unity 5.6 or older.

The requirement does not apply to:

APKs or app bundles explicitly targeting Wear OS or Android TV, which are form factors that do not currently support 64-bit code.
APKs or app bundles that are not distributed to devices running Android 9 Pie or later.

We are not making changes to our policy on 32-bit support. Play will continue to deliver apps to 32-bit devices. This requirement means that apps with 32-bit native code will need to have an additional 64-bit version as well.

Preparing for the 64-bit requirement

We anticipate that for most developers, the move to 64-bit should be straightforward. Many apps are written entirely in non-native code (e.g. the Java programming language or Kotlin) and do not need code changes.
All developers: Here is an overview of the steps you will need to take in order to become 64-bit compliant. For a more detailed outline of this process refer to our in-depth documentation.

Inspect your APK or app bundle for native code. You can check for .so files using APK Analyzer. Identify whether they are built from your own code or are imported by an SDK or library that you are using. If you do not have any .so files in your APK, you are already 64-bit compliant.
Enable 64-bit architectures and rebuild native code (.so files) imported by your own code. See the documentation for more details.
Upgrade any SDKs and libraries to 64-bit compliant versions, if needed. Reach out to the SDK or library owner if one is not available. We’re working with top library owners on their 64-bit compatibility.
Test for issues locally once you’ve rebuilt your app.
Rollout to your testers using testing tracks for thorough testing.

Game developers: The three most used engines all currently support 64-bit (Unreal & Cocos2d since 2015, Unity since 2018). We understand that migrating a 3rd party game engine is an intensive process with long lead times.
Since Unity only recently began providing 64-bit support in versions 2017.4 and 2018.2, we are granting an automatic extension to existing games using versions 5.6 or older until August 2021. Unity provides guides that can help you through the process of upgrading to a 64-bit compliant version.
SDK and library owners: Update for 64-bit compliance as soon as possible to give app developers time to adapt, and let your developers know. Sign up and register your SDK to receive updates about the latest tools and information that can help you serve your customers.

Going forward

For those that already support 64-bit - thank you and great work! If you haven’t yet, we encourage you to begin any work for the 64-bit requirement as soon as possible. As we move closer to the deadline, we’ll be updating our developer documentation with more information on how to check if your app is compliant.
We’re excited about the future that 64-bit CPUs bring in areas such as artificial intelligence, machine learning, and immersive mobile. Supporting 64-bit prepares the ecosystem for the innovation enabled by the advanced compute capabilities of 64-bit devices, and for future Android devices that only support 64-bit code.
How useful did you find this blog post?
★ ★ ★ ★ ★

Reminder SMS/Call Log Policy Changes

14 January 2019

Posted by Paul Bankhead, Director, Product Management, Google Play TLDR; As previously announced and directly communicated to developers via email, we'll be removing apps from the Google Play Store that ask for SMS or Call Log permission and have not submitted a Permissions Declaration Form. If you have not submitted a permissions declaration form and your app is removed, see below for next steps. We take access to sensitive data and permissions very seriously. This is especially true with SMS and Call Log permissions, which were designed to allow users to pick their favorite dialer or messaging app, but have also been used to enable many other experiences that might not require that same level of access. In an effort to improve users' control over their data, last October we announced we would be restricting developer access to SMS and Call Log permissions. Our new policy is designed to ensure that apps asking for these permissions need full and ongoing access to the sensitive data in order to accomplish the app's primary use case, and that users will understand why this data would be required for the app to function. Developers whose apps used these permissions prior to our announcement were notified by email and given 90 days to either remove the permissions, or submit a permissions declaration form to enable further review. More about app reviews We take this review process seriously and understand it's a change for many developers. We apply the same criteria to all developers, including dozens of Google apps. We added to the list of approved use cases over the last few months as we evaluated feedback from developers. Our global teams carefully review each submission. During the review process, we consider the following:

Likelihood that an average user would understand why this type of app needs full access to the data.

User benefit of the feature.

Importance of the permission relative to the core functionality of the app.

Risks presented by all apps with this use case having access to this sensitive data.

Availability of more narrow alternatives for enabling the feature.

With this change, some uses cases will no longer be allowed. However, many of the apps we reviewed with one of these permissions can rely on narrower APIs, reducing the scope of access while accomplishing similar functionality. For example, developers using SMS for account verification can alternatively use the SMS Retriever API, and apps that want to share content using SMS can prepopulate a message and trigger the default SMS app to show via intents. Tens of thousands of developers have already resubmitted their apps to support the new policy or have submitted a form. Thank you! Developers who submitted a form received a compliance extension until March 9th. Next steps Over the next few weeks, we will be removing apps from the Play Store that ask for SMS or Call Log permission and have not submitted a permission declaration form. If your app is removed and you would like to have it republished, you can do one of the following in the Play Console:

submit a new version without these permissions, or

submit a new version of your app that retains the permissions. Doing so will require you to complete a permissions declaration form inside the Play Console (coming soon) and will give you an extension until March 9th to remove the permissions or receive approval for your use case.

Keeping our overall Android ecosystem healthy is very important, and protection of user data is vital to the long term health of all developers. We know these changes have required significant work from you and we appreciate your efforts to create innovative experiences while protecting user's privacy.

Developers Blog