Google announced Monday that it will officially roll out Android Developer Certification to all developers to address the problem of bad actors distributing harmful apps “hiding behind anonymity.”
The development comes ahead of verification obligations due to come into force in Brazil, Indonesia, Singapore and Thailand next September, before being expanded globally next year.
As part of this effort, Google requires app developers who distribute apps outside of Google Play to create an account in the Android Developer Console to verify their identity. Those distributing apps through Android’s official app marketplace and verifying their identity may be “already set up,” the tech giant said.
“For the vast majority of users, the experience of installing an app is exactly the same,” said Matthew Forsyth, director of product management for Android App Safety. “ADB or advanced flows are only required when a user attempts to install an unregistered app. This allows us to maintain flexibility for power users while keeping the broader community safe.”
Over the next two months, Android Studio developers will be able to check their app’s registration status directly from within their integrated development environment (IDE) when they generate a signed app bundle or APK.
Developers who complete the Play Console’s developer verification requirements will automatically have their eligible Play apps registered. If an app cannot be registered, developers are required to follow a manual app submission process.
As announced a few weeks ago, power users will always have the option to enable sideloading of unregistered APK files through advanced flows. This requires an authentication step to ensure you are doing this step of your own volition, and a one-time 24-hour waiting period to thwart scammers.
“While this flow is a one-time process for power users, it is carefully designed to prevent users in the midst of fraud from being coerced into installing malicious software through high-pressure tactics,” Forsyth said.
The development comes as Apple revised its Developer Program License Agreement to enforce privacy rules regarding access to live activity and notifications by third-party wearables.
Apple clarifies that third parties “may not use Transferred Information for advertising, profiling, model training, or location monitoring,” and adds, “Transferred Information may not be disseminated to other applications or devices other than your authorized Targeted Accessories.”
The newly added section also emphasized that developers cannot remotely store transmitted information in a cloud service, make changes that “materially” change the meaning of the content, or decrypt the data anywhere other than on the accessory itself.
Source link
