MOUNTAIN VIEW, Calif.—Your next Android app may know your phone's been hacked before you notice, courtesy of a new Google Play feature announced Tuesday.
The tools added to Google’s Play Integrity API aim to give developers a heads-up that their Android apps could be operating on an untrusted device:
- "App access risk” allows Android to notify an app if another app might be recording the screen, overlaying content, or taking control of the phone. Those are common attack techniques of mobile malware, although accessibility software can also employ them; Google says this risk-assessment feature is designed to recognize accessibility apps.
- An app can also check with Google’s Play Protect to see if that security-screening software is active and has detected any malware.
- Developers can also do a recent-device-activity check for devices going haywire with requests for data, a common sign of a phone that’s been enlisted in a botnet.
Play Protect should also alert the user directly in these cases, but we can imagine distracted or confused people ignoring those alerts.
To help developers ship less buggy code, Google has also augmented its console for managing software-development kits to cover additional SDKs, including open-source releases, and put a series of pre-review app checks behind one interface.
These security updates come as lawsuits alleging abuse of market power by Google have pushed the company to expand Android’s openness to competing app stores and “sideloading” direct from developer sites without making phones more exposed to malware. Last year, for example, Google announced that Play Protect would automatically scan sideloaded apps.
Both alternative app stores and sideloading can offer developers a way out of handing over “service fees” to Google on in-app digital transactions that typically start at 15% for their first $1 million in revenue a year.
Other Google Play changes announced at I/O aim to make it easier for developers to catch the attention of a potential customer. The most helpful among them might be the ability to customize a Play Store listing to a potential user’s device with screenshots, ratings, and reviews specific to their own phone or tablet. Because the experience of an app on an entry-level Samsung A15 can vary greatly compared to what somebody sees on a Galaxy S24 Ultra.
Developers can also tweak listings based on the search terms that people type into Google Play, and get keyword suggestions for those listings in the Play Console. And they can join a developer preview to create presentations that include “a full-screen immersive experience with personalized recommendations and promotions.”
Finally, Google’s Play news includes an expansion of payment options that include support for such mobile-payment options as Brazil’s Pix as well as the ability for customers in India to ask a friend or family member outside their Google Family group to pay for an app via a request sent in a text or email.
And developers can now price anything on Google Pay for as much as $999.99 or the equivalent in local currency–but we encourage you to think very, very carefully before spending that much on any digital item.