Google has mandated even more “compliance” by device makers with the release of its updated Android 7.1 Compatibility Definition document, which says device implementations must meet the requirements and pass the Compatibility Test Suite, or users will be told the device is “uncertified” when accessing the Google Play Store.
It's a carrot-and-stick approach to an old problem, and the worst-case scenario is that it will block uncertified devices from using the Play Store. But as yet there are no reports of that having happened.
The 86-page guide for Android 7.1 represents Google’s best efforts yet at bringing the operating system used on 90% of the world’s smartphones (more than 4000 different devices from 400 manufacturers) up to similar levels of security and usability as iOS 10.x, which supports around 10 devices.
In the case of smartphones, the document says developers must be able to call data from its apps, including clock, browser, calendar, contacts, messages, gallery, search, music, and settings – mandating that these exist on a handset. It will allow third-party applications to replicate these, but these must not compromise the purpose of Google apps.
It is all good news for developers, who for years complained that Android version fragmentation and the sheer number and type of devices made it hard to develop Android apps. What Android is doing is similar to what other systems open to OEMs, like Windows 10 and iOS, have sought to do with older versions – manage the ecosystem by pensioning off older versions so that the experience is similar across all current devices.
Back to certified devices – these include a Verify Apps feature that checks if there are Potentially Harmful Apps (PHAs) on a device. If a PHA is found, it warns the user and enables them to uninstall the app. It also has a Dead or Insecure (DOI) function that allocates a score to apps based on use and retention rates – a bad app will be quickly discarded, which is an indication of PHAs.
It will also keep a close watch over apps in use and if there is tampering or unusual behaviour it can flag it to the user. Google says it has caught 25,000 fake apps in three families of malware using this method.
Android security
Samsung has addressed Android security with its Knox software (aided by BlackBerry) available on its Galaxy class devices and optionally on others. BlackBerry has secured its Priv and later DTek models running on Android.
In most cases these rely on taking the user out of the equation (biometric recognition), rapid patching, on-device encryption, secure folders, app vetting, predictive app behaviour analytics, secure start-up (stopping firmware malware), poisoned website detection (safe surfing), ID protection, VPN, remote management and wipe, and no ability to root the operating system.