Google, on Tuesday, announced app security and performance changes for developers on Google Play. These changes include requiring new apps and updates to existing apps to target the most recent Android API level, compulsory 64-bit app versions by 2019, and addition of security metadata to each APK.
The first update requires all new apps and updates for existing apps to target API level 26 (Android 8.0 Oreo) or higher. This requirement will be mandatory for new apps starting August 2018 and for updates to existing apps starting November 2018. Each year the API level will advance requiring new apps and app updates to target the corresponding API level or higher.
The second update from Google's announcement on the Android Developers Blog is regarding 64-bit support for apps. While 64-bit architecture for apps was first introduced in Android 5.0, the update requires app developers to submit a compulsory 64-bit library within any of their submitted APKs. This mandate will come into place by August 2019. Apps that do not include native code are unaffected. Google claims that over 40 percent of Android devices coming online have 64-bit support, while still maintaining 32-bit compatibility. Apple's iOS 11 recently made the big shift to 64-bit architecture by ending support for 32-bit libraries in June this year.
And, lastly, Google announced that it would be adding security metadata on top of each APK to verify that it was officially distributed by Google Play. This change will not require any action or change from the developers or users. Instead, it will be inserted into the APK Signing Block, thus not altering the app's functionality. This metadata is expected to act as a Play badge of authenticity for the Android app.
The new announcements highlight Google's continued efforts towards improving the quality of content on the Play Store. The tech giant, in August, had rolled out performance and stability rankings for Play Store apps. Over 300 apps were also removed from the Google Play Store, in the same month, for being able to take control of Android devices to perform distributed denial of service (DDoS ) attacks.