Google has announced a number of changes to its Play Store security policies that will come into effect over the coming year.
Starting in September, a new section will be added to Google’s Enforcement policy that will mean inactive or otherwise abandoned developer accounts will be closed after one year of dormancy.
October will see various policies introduced on different dates.
On 15 October, the Device and Network Abuse policy will be clarified to prohibit apps or SDKS that use interpreted languages at runtime – such as JavaScript and Python – from violating any Play Store policies.
Google has provided no reasoning for the change but research from Snyk last year found that Mintegral’s advertising SDK was using JavaScript code on iOS to act as a backdoor.
“We discovered the MTGBaseBridgeWebView class, used everywhere in the [iOS] SDK to communicate with JavaScript, acts as a backdoor, allowing for the invocation of arbitrary functions from the native application code,” wrote Snyk in October.
A new Permissions policy will also be added on that date to provide requirements on use of the Accessibility API and the IsAccessibilityTool.
On 28 October, the User Date policy will be updated to prohibit linking persistent device identifiers to personal and sensitive user data or resettable device identifiers unless for pre-approved use cases.
Fast-forward to 1 April 2022 and Google is adding a new Data privacy and security section to the User Data policy where developers must provide accurate information related to personal or sensitive user data their apps collect, use, or share.
Several other non-security policy updates were also announced by Google this week. This includes restrictions on identifiers in apps that target children, the prohibition of content relating to compensated sexual relationships like “sugar dating”, more complete information required for financial apps, and the ban of spam text and graphics in app titles, icons, and developer names.
You can find all of the upcoming policy changes here.
(Photo by Dane Deaner on Unsplash)
Want to learn about DevOps from leaders in the space? Check out the DevOps-as-a-Service Summit, taking place on February 1 2022, where attendees will learn about the benefits of building collaboration and partnerships in delivery.