While Apple’s app store is heavily regulated, the Google Play Store has mostly lived its life under Google’s laissez-faire attitude. As prolonged as you didn’t get held by Google’s malware scanning, your app was free to do just about anything.
But lately, Google’s hands-off proceed seems to be changing. The company tried to shorten Android’s absolute accessibility APIs only to accessibility apps, but after a energy user revolt, Google is now rethinking that plan.
The Play Store’s biggest change is coming in 2018, though. Recently Google announced it will start environment a smallest API turn that new and updated apps will be compulsory to use. This is a technical change but a large one. Basically, Google will stop usurpation old app code from developers. The pierce won’t mistreat support for inclination using old versions of Android, but it will need developers to adopt new Android facilities and restrictions as they come out.
Every new chronicle of Android comes with a new API level, which changes how the app horizon functions, adding new features, new restrictions, and new confidence measures. Currently, developers can opt out of these changes by just using an old API level, but shortly they will be forced to aim new API levels. This will accelerate Google’s Android changes via the app ecosystem, rather than having to wait years and years for it to occur naturally by Android’s impossibly ineffectual OS refurbish program.
All Android apps must set two API levels internally: first is the “minimum” API level, which determines the oldest Android chronicle the app will run on, and then there’s the “target” API level, which is the top chronicle of Android that the app is wakeful of. Every new chronicle of Android bumps the API turn up one version, and now Android 8.1 is on API turn 27. When Google changes the way the Android app horizon works, it doesn’t wish to mangle old apps, so it locks this functionality behind a new aim API level.
For instance, in API turn 26 (Android 8.0), Google changed the way credentials tasks worked by branch off many power-hogging credentials estimate facilities for apps and requiring them to use a some-more limiting API. In API turn 23 (Android 6.0), Google combined à la grant permissions, permitting users to retard apps from accessing certain device functions. These changes are good for users but some-more limiting for app developers, and they need work to implement. If a developer wanted to be a miserly device hog, they could just confirm to not aim the latest API level, and these restrictions would not request to them. The ability to use an older API turn is meant to be a backward-compatibility consideration, but developers can abuse the underline if they are greedy, lazy, or malicious.
Previously, Google used a “carrot” proceed to getting developers to aim the latest API levels. If you wish entrance to that honeyed new fingerprint API in Android 6.0 or the Vulkan Graphics APi, you’ll need to aim the latest version! Newer versions also come with a horde of mandate and restrictions to make your app a better smartphone citizen, though. New API levels haven’t had much in the way of interesting developer features, though—they’ve mostly been things that are good for users, like reduction credentials processing, stricter permissions, controllable notifications, and pattern conformancy facilities like adaptive icons. These are work for developers to implement, and while they advantage the user, they don’t help developers. The carrot proceed looks like it’s going divided and being transposed with a stick. Google says “Update to a newer API or never refurbish your app again.”
Speeding up ecosystem adoption
Google has published a timeline for imperative API turn adoption. Generally, API levels that are a year old will turn imperative for new and updated apps. This will start in Aug 2018, when targeting API turn 26 (Android 8.0, expelled Aug 2017) will be imperative for new apps. A month later, the requirement kicks in for all app updates.
Requiring all new and updated apps to use an API turn that is a year old will speed up API adoption opposite the Android app ecosystem. We last took a consult of the top 200 non-game apps in late 2015, so we actually know what healthy API adoption speeds demeanour like. Shortly after the recover of Android 6.0 (and a extensive developer preview period), only 5 percent of the top 200 apps targeted the latest API version. Forty-one percent targeted the prior API level, which was 7 months old at the time of the survey.
If we demeanour at the top 200 apps that target an API turn that was a year old or newer, which will be the new smallest requirement in 2018, it was only 78 percent. If we assume the top 200 apps are frequently updated (and they are), Google’s new mandate would strike this to about 100 percent.
Keep in mind, these are just the top 200 apps, which are all done by efficient developers that (I guess) represent the best Android has to offer. The other 2.5 billion apps are substantially reduction well-maintained. Today, there are some important exceptions in the top 200. Facebook still targets Marshmallow, API turn 23. This is two years old and allows the company to evasion Android’s new credentials estimate requirements, definition the Facebook app can run in the credentials all the time, if it wants. Snapchat uses API turn 22, which is almost 3 years old and allows the company to skip Android’s à la grant permissions. This means, just to install the app, you have to approve a pale section of permissions, giving Snapchat your identity, contacts, location, photos, microphone access, device ID, and more. Why would these companies wish to upgrade and give up this access?
Security advantages and faster API deprecation
Setting a smallest building on the API turn should help with security, too. As we’ve created about time and again, Google’s malware scanning isn’t perfect, and infrequently antagonistic apps finish up in the Play Store. Sometimes they even get millions of downloads! If you were going to write a antagonistic app that directed to better Google’s built-in malware scanning, you positively wouldn’t aim the newest API level. You’d use an older chronicle with fewer restrictions on the app, permitting you to wreak some-more massacre and steal some-more information. Now, malware writers will be singular to APIs that are a year old or will have to pretence users into installing the app off the Play Store.
Perhaps the best news in this blog post is that “Future Android versions will also shorten apps that don’t aim a new API turn and adversely impact opening or security.” Hopefully this means Google is going to actually retire API Levels faster, permitting Android to turn some-more streamlined. Letting apps collect their API turn means progressing a ton of old systems for old apps to block into. Sometimes, a new complement comes along and replaces an old one, but Google still has to keep the old complement around, in case an old app wants to use it.
If Google requires all new and updated apps to use a after API, it’s probable that Google could opt to streamline newer versions of Android and mislay these old components. Today, Google’s cutoff indicate seems to be API turn 14, which is the smallest API turn for Google Play Services. API Level 14 corresponds to Android 4.0, Ice Cream Sandwich, which is 6 years old! Android 8.1 Oreo still contains all the components indispensable to make these six-year-old apps work.
The one thing that isn’t happening is a inform of old apps on the Play Store. In late 2018, developers won’t be means to refurbish old apps but regulating the API level, but these apps will still be free to debase on the Play Store forever. This change also won’t impact developers’ ability to make apps for older devices; it will just need that they support new OS facilities one year from release.
August 2018 is a prolonged way away, and this is substantially on purpose. Google is giving developers copiousness of notice, so there shouldn’t be any room for excuses once the restrictions kick in.