Security Experts:

Connect with us

Hi, what are you looking for?


Application Security

Google Updates Target API Level Requirements for Android Apps

Google this week announced updated target level API requirements for Android applications in an attempt to improve the overall security of the ecosystem.

Google this week announced updated target level API requirements for Android applications in an attempt to improve the overall security of the ecosystem.

Per the updated requirements, all applications will have to target “an API level within two years of the latest major Android release” to remain discoverable for new users with devices running newer Android versions.

Basically, once the change enters into effect, users on the newest Android iterations will not be able to install older applications, which may lack some of the latest protections the mobile platform offers.

“Users with the latest devices or those who are fully caught up on Android updates expect to realize the full potential of all the privacy and security protections Android has to offer,” Google says.

Since new versions of Android are released each year, the internet giant will adjust the requirement window accordingly.

Most of the applications that are currently available in Google Play already meet these requirements, but there still are some apps that require attention, and this is why developers are being notified, Google explains.

The company also provides developers with the necessary resources to help them ensure their applications abide by the new standards, including a technical guide on migrating apps and a Help Center article on API level requirements.

[ READ: Google Details New Privacy and Security Policies for Android Apps ]

Furthermore, Google allows developers to request an optional six-month extension period if they feel they need more time to migrate their applications to a higher API level.

“Current users of older apps who have previously installed the app from Google Play will continue to be able to discover, re-install, and use the app on any device running any Android OS version that the app supports,” Google says.

In May 2022, an updated policy that will enter into effect will essentially prevent users from specific regions from accessing applications that display content deemed inappropriate for that region.

Another policy update that will enter into effect next month will prohibit “caste- and immigration-related hate speech.”

Additionally, Google is making some changes to its deceptive behavior policy regarding apps that offer oximeter functionality, and is updating the Accessibility policy to make it clear that the Accessibility API should not be requested for remote call audio recording.

Related: Google Introduces ‘Privacy Sandbox’ for ​​Ads on Android

Related: Android App Developers Required by Google to Share More Info on Data Handling

Related: 44 Vulnerabilities Patched in Android With April 2022 Security Updates

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.