Last year, Google imposed new requirements in Google Play to force Android applications to target a more recent API level. The reasoning behind Google's decision is to make sure that all users are protected by security measures introduced in newer versions of Android, like background app restrictions and runtime permissions. According to Google, in 2018, over 150,000 applications added support for runtime permissions, a feature which was first introduced in Android 6.0 Marshmallow (API level 23). Starting August of 2018, all new applications submitted to Google Play were required to target Android 8.0 Oreo (API level 26) or higher, while updates to existing applications submitted after November 2018 would also have to target API level 26. Now, Google has announced they are updating these restrictions to push apps to target even newer API levels, as they initially promised. Here are the new timelines:

  • August 2019: New apps are required to target Android 9 Pie (API level 28) or higher.
  • November 2019: Updates to existing apps are required to target API level 28 or higher.

These changes are not surprising, as we already knew about the advancing API level restrictions on the Google Play Store. However, Google made a new announcement that we think is more important for users. Although Google has gotten some major Chinese application markets from Huawei, OPPO, Vivo, Xiaomi, Baidu, Alibaba, and Tencent to also start requiring that applications target newer API levels, Google will also tackle other installation sources. Apparently, the company will use its Play Protect service to warn users an app they're about to install targets an older API level. Here are the timelines:

  • August 2019: New apps will receive warnings during installation if they do not target Android 8.0 Oreo (API level 26) or higher.
  • November 2019: New versions of existing apps will receive warnings during installation if they do not target API level 26 or higher.
  • 2020 onwards: The target API level requirement will advance annually.

It is nice to see that Google is taking drastic steps to improve the state of security on Android. While the Android platform is continuously patched to be more secure, it takes a long time for devices to get major Android updates so many users are left exposed to issues found in older Android releases. According to Google, over 95% of identified spyware target API level 22 or lower, which doesn't support runtime permissions. Requiring updated applications from developers was already a clever move from the company. Getting third-party markets from China on board and using Play Protect to enforce newer API levels takes things to the next level.


Source: Android Developers Blog