To improve the security of Play Store, Google has released a new section to its Android Developers website with a series of guidelines and best practices. Because Android is an open-source, many people think that it’s easily attacked by viruses, hacking, and malware. So the security is the result of a relationship between Google and developers, and the company wants to change people’s perception to be that Android is the safest mobile platform on the world.
The outlined best practices are based on three premises. The first relates to how apps store and use end-user data. The best practice just uses the sensitive API when it’s necessary for using the function of the app. Besides, the guideline also claimed that any data from external storage when connected to the device would be verified first before the use. The second premise is surrounded by two guidelines and pertains for the security methods. The communications between applications and servers will be uploaded to HTTPS or SSL secure connections. Additionally, Google said that developers had to update the version of Google Play Services in use and the associated security provider for the SSL exploit prevention. The last guideline wants developers to pay more attention to the permissions used in their apps, especially the library-specific permissions are allowed when a new library is imported into the build of the app.
A set of best practices relating to storage, retrieval of data, permissions use, and secure data transport will help decrease problems of malware that infect directly to apps and cause the effects of other security holes. Unluckily, due to the open-source nature of Android, so it is up to developers to make changes to create better secure apps. Adding new security features and several solutions such as the explanation for setting up runtime permissions or configuring network security settings, Google provides the necessary tools for experienced developers to make a secure for their apps with best practices. The guideline also offers further information about the Google Play App Security Improvement Program, which provides financial supports to developers outside of Google who help make Android safer.