Google’s Android update gives users access to new phones

Google’s campaign to narrow the security gap between Android and iPhone has taken another twist this week, with a major new change to the way in which apps work on your phone. Such security improvements are always welcome. But surprisingly this will severely restrict older phones, pushing all users to new models—if your device is not one of those newer ones, you’ll need to upgrade.

Google says it is now “actively combating bad actors who try to deceive users or spread malware, and giving you tools to combat abuse.” As I’ve reported before, Google’s Play Integrity API enables app developers to prevent users installing or updating apps from unofficial sources—direct installs and third-party stores included, which obviously cuts down the risk of malicious copycat or manipulated apps finding their way onto phones. While Play Protect now monitors apps regardless of their source, Google wants Play Store to be used as a default for installs and updates.

Google says “apps that use Play Integrity features have seen 80% less unauthorized usage on average compared to other apps.” And now it is going further—much further. “Starting today, we’re changing the technology that powers the Play Integrity API on all devices running Android 13 and above to make it faster, more reliable, and more private for users.” But beyond performance improvements, these changes will “make greater use of hardware-backed security signals… making it significantly harder and more costly for attackers to bypass.”

These signals include how secure a device is before an app is approved for use. That means how long ago a device installed a security update, and whether there has been a “security update in the last year on devices running Android 13 and above.” The update gives apps with higher security needs, such as banking, finance, government and enterprise apps, more ways to extend protection to sensitive functions, such as money transfers.

The update from Google draws a clear line between older and newer phones, and between those that are still supported and those that are not. “Your app might meet the legacy definition of ‘meets strong integrity’ on devices running Android 12 and earlier compared to the enhanced definition on devices running Android 13 and later.”

Only about 55% of Android devices currently run Android 13, 14 or 15, and between 500 million and 1 billion of the remaining 1.5 to 2 billion active Android devices are running superseded versions of the operating system. This is a major challenge for the Android ecosystem and helps fuel its reputation as a much riskier option than the iPhone, which exerts much more uniform control over its install base.

Zimperium’s Global Mobile Threat Report warns that 14% of all Android phones used in businesses “cannot be updated, making them vulnerable to exploitation.” The number of iPhones at risk is only 1%.

According to ESET’s Jake Moore, those phones “can be vulnerable to attacks when criminals look for unpatched vulnerabilities and target user data. When phones and tablets don’t have patch management, they don’t get all the latest security updates.” They may be safe for the first few weeks or even months after updates end, but over time, even if the devices appear healthy, they can still be attacked via newly discovered vulnerabilities.

Nico Chiaraviglio, chief scientist at Zimperium, told me that “Android faces increased malware risks, mainly due to its open ecosystem, which allows third-party app stores and app downloads. While Apple’s App Store review process creates an illusion of the best security, malware and apps that violate Apple’s terms of service can still get through or exploit zero-days. iOS’s strict app isolation is a double-edged sword: it prevents malicious apps from exploiting or analyzing the behavior of the system, but also prevents mobile risk detection applications from detecting malware.”

It’s this factor that Google addresses update after update, adding Play Store removals, thresholding, and low-quality warnings. This is also why Samsung has implemented additional maximum restrictions on new devices by default.

While Android 15 stands out for its security updates, Chiaraviglio also warns that “the fragmented nature of Android updates across vendors and carriers would likely have an effect on the effectiveness of those security innovations by expanding the number of bugs that can be exploited.” Update schedules vary by model, region and carrier, with releases rolling out over the course of a month, unlike Apple’s everyone, everywhere approach.

The new API is available now for existing Play Integrity API users who want to implement it for their apps immediately. For all other developers, it will be mandatory starting in May 2025. Banking apps and other security-sensitive apps can be expected to integrate it quickly, closing some of Android’s existing attack surface. I would expect many more apps to follow, making it much harder to use a phone without recent updates. This means that millions of users will need an upgrade in 2025.
