Google announces raft of Play Store security policy updates

Google has announced a series of changes to its Play Store security policies that will take effect over the next year.

Starting in September, a new section will be added to Google App policy which will mean that inactive or abandoned developer accounts will be closed after one year of inactivity.

October will see various policies introduced on different dates.

On October 15, the Device and network abuse Policy will be clarified to prohibit applications or SDKS that use interpreted runtime languages ​​such as JavaScript and Python from violating Play Store policies.

Google hasn’t provided any reasoning for the change, but Snyk’s investigation last year found that Mintegral’s Advertising SDK was using JavaScript code on iOS to act as a back door.

“We discovered the MTGBaseBridgeWebView class, which is used everywhere [iOS] SDK to communicate with JavaScript acts as a back door, allowing the invocation of arbitrary functions from the native application code. ” wrote Snyk in October.

A new Permissions The policy will also be added on that date to provide requirements on the use of the Accessibility API and the IsAccessibilityTool.

On October 28, the user date policy will be updated to prohibit the linking of persistent device identifiers to personal and sensitive user data or device identifiers that can be reset, unless in pre-approved use cases.

Fast forward to April 1, 2022 and Google will add a new data privacy and security section to the User data policy in which developers must provide accurate information related to personal or confidential user data that their applications collect, use or share.

Google also announced several other non-security policy updates this week. This includes restrictions on identifiers in apps targeting children, a ban on content related to compensated sex such as “sugar dating,” more comprehensive information required for financial apps, and a ban on unwanted text and graphics in titles, icons, and developers. Of applications. Names.

You can find all the upcoming policy changes here.

(Photo by Dane deaner in Unsplash)

DevOps

Want to learn about DevOps from the leaders in the space? Review the DevOps as a Service Summit, which will take place on February 1, 2022, where attendees will learn about the benefits of creating collaboration and partnerships in delivery.

Tags: android, featured, google, javascript, play store, policies, policy, python, security

Leave a Comment