How useful did you find this blog post?
★ ★ ★ ★ ★
Boris Valusek, Design Lead, Google Play
The Google Play Store has over two billion monthly active users coming to find the right app, game, and other digital content. To improve the overall store experience, we’re excited to roll out a complete visual redesign. Aligning with Material design language, we’re introducing several user-facing updates to deliver a cleaner, more premium store that improves app discovery and accessibility for our diverse set of users.
To make browsing faster and easier, we’ve introduced a new navigation bar at the bottom of the Play Store on mobile devices and a new left navigation on tablets and Chrome OS. There are now two distinct destinations for games and apps, which helps us better serve users the right kind of content. Once users find the right app or game, the updated store listing page layout surfaces richer app information at the top of each page as well as a more prominent call-to-action button. This makes it easier for users to see the important details and make a decision to install your app. You’ll also notice our new icon system with a uniform shape, helping content to stand out more over UI. If you haven’t done so already, make sure to update your icon following the new icon specifications as soon as possible.
If you’re looking for best practices to make a compelling store listing page, we have several resources to help. To ensure your page resonates well with Android users, use store listing experiments to test for the best app icon, images, video, and descriptions on Google Play. You can also tailor your marketing messages to specific user groups based on their country, install state or even pre-registration by creating custom store listings. For even more, try our free e-learning resource, Academy for App Success.
How useful did you find this blogpost?
Left to right: original icon, new icon (example), original icon in legacy mode
Posted by Patrick Mutchler and Meghan Kelly, Android Security & Privacy Team
Helping Android app developers build secure apps, free of known vulnerabilities, means helping the overall ecosystem thrive. This is why we launched the Application Security Improvement Program five years ago, and why we're still so invested in its success today.
When an app is submitted to the Google Play store, we scan it to determine if a variety of vulnerabilities are present. If we find something concerning, we flag it to the developer and then help them to remedy the situation.
Think of it like a routine physical. If there are no problems, the app runs through our normal tests and continues on the process to being published in the Play Store. If there is a problem, however, we provide a diagnosis and next steps to get back to healthy form.
Over its lifetime, the program has helped more than 300,000 developers to fix more than 1,000,000 apps on Google Play. In 2018 alone, the program helped over 30,000 developers fix over 75,000 apps. The downstream effect means that those 75,000 vulnerable apps are not distributed to users with the same security issues present, which we consider a win.
The App Security Improvement program covers a broad range of security issues in Android apps. These can be as specific as security issues in certain versions of popular libraries (ex: CVE-2015-5256) and as broad as unsafe TLS/SSL certificate validation.
We are continuously improving this program's capabilities by improving the existing checks and launching checks for more classes of security vulnerability. In 2018, we deployed warnings for six additional security vulnerability classes including:
Ensuring that we're continuing to evolve the program as new exploits emerge is a top priority for us. We are continuing to work on this throughout 2019.
Keeping Android users safe is important to Google. We know that app security is often tricky and that developers can make mistakes. We hope to see this program grow in the years to come, helping developers worldwide build apps users can truly trust.
Posted by Edward Cunningham, Android Security & Privacy Team
In a previous blog we described how API behavior changes advance the security and privacy protections of Android, and include user experience improvements that prevent apps from accidentally overusing resources like battery and memory.
Since November 2018, all app updates on Google Play have been required to target API level 26 (Android 8.0) or higher. Thanks to the efforts of thousands of app developers, Android users now enjoy more apps using modern APIs than ever before, bringing significant security and privacy benefits. For example, during 2018 over 150,000 apps added support for runtime permissions, giving users granular control over the data they share.
Today we're providing more information about the Google Play requirements for 2019, and announcing some changes that affect apps distributed via other stores.
Google Play requirements for 2019
In order to provide users with the best Android experience possible, the Google Play Console will continue to require that apps target a recent API level:
Existing apps that are not receiving updates are unaffected and can continue to be downloaded from the Play Store. Apps can still use any minSdkVersion, so there is no change to your ability to build apps for older Android versions.
minSdkVersion
For a list of changes introduced in Android 9 Pie, check out our page on behavior changes for apps targeting API level 28+.
Apps distributed via other stores
Targeting a recent API level is valuable regardless of how an app is distributed. In China, major app stores from Huawei, OPPO, Vivo, Xiaomi, Baidu, Alibaba, and Tencent will be requiring that apps target API level 26 (Android 8.0) or higher in 2019. We expect many others to introduce similar requirements – an important step to improve the security of the app ecosystem.
Over 95% of spyware we detect outside of the Play Store intentionally targets API level 22 or lower, avoiding runtime permissions even when installed on recent Android versions. To protect users from malware, and support this ecosystem initiative, Google Play Protect will warn users when they attempt to install APKs from any source that do not target a recent API level:
These Play Protect warnings will show only if the app's targetSdkVersion is lower than the device API level. For example, a user with a device running Android 6.0 (Marshmallow) will be warned when installing any new APK that targets API level 22 or lower. Users with devices running Android 8.0 (Oreo) or higher will be warned when installing any new APK that targets API level 25 or lower.
targetSdkVersion
Prior to August, Play Protect will start showing these warnings on devices with Developer options enabled to give advance notice to developers of apps outside of the Play Store. To ensure compatibility across all Android versions, developers should make sure that new versions of any apps target API level 26+.
Existing apps that have been released (via any distribution channel) and are not receiving updates will be unaffected – users will not be warned when installing them.
Getting started
For advice on how to change your app’s target API level, take a look at the migration guide and this talk from I/O 2018: Migrate your existing app to target Android Oreo and above.
We're extremely grateful to the Android developers worldwide who have already updated their apps to deliver security improvements for their users. We look forward to making great progress together in 2019.
