New Play Store warning affects millions.
Update: Republished on April 30 with a raft of new Android security warnings for both personal and enterprise users.
Google has quietly changed how apps run on your phone. Starting next month, the Android-maker will let apps work differently depending on your phone. The bad news is this could see finance, messaging and other apps stop working properly for you. And the latest data suggests this affects more than half of all users.
This is being driven by the Play Integrity API, which Google says “is an essential tool to help protect your business from abuse such as fraud, bots, cheating, and data theft,” with “apps that use Play Integrity features to detect suspicious activity seeing an 80% drop in unauthorized usage on average compared to other apps.”
But the technology has now changed, and will draw a line between Android 12 and all newer versions of the OS. This means for “all devices running Android 13 and above [it will] make it faster, more reliable, and more private for users.” Conversely, if you’re running Android 12 or older, then everything could now slow down. And that’s a lot of devices — half of all Android phones, to be precise.
Google is also adding “enhanced security signals.” With these, developers can decide how trusted the device is that’s running their app. Google has told developers they can now run differently on “devices running Android 12 and lower than [with]
the enhanced definition on devices running Android 13 and higher.” The same signals enable developers to check how recently a phone was updated.
Google introduced this developer change on an opt-in basis at the start of the year, confirming the deadline for “it automatically updating” for everyone is May 2025. The size of that problem has also just been shared by Google, with more than half of all Android devices yet to update to Android 13 or better. This latest data is worse than thought, albeit we knew that at least one-third of Android devices were out of support.
Around 200 million Android 12 users have an even bigger problem than this Play Integrity API change. Per Android Authority, “Google is no longer backporting security patches to Android 12 or 12L, as both operating systems have reached end-of-life status.” This doesn’t mean device OEMs won’t step in for a time to bridge the gap, but it’s difficult and costly and so don’t rely on that happening.
Android users split down the middle — good and bad.
In addition to pushing apps to behave differently, Google is also pushing for there to be less of them. Last year, the company ramped up its efforts to remove lower quality, higher risk apps from Play Store, and has also introduced warning labels for apps that show worrying signals, such as uninstalls, that might betray a quality issue.
And that hurdle raising is working. According to the latest data from Appfigures (via TechCrunch), “from the start of 2024 to the present, the Android app marketplace went from hosting about 3.4 million apps worldwide to just around 1.8 million… That’s a decline of about 47%, representing a significant purge of the apps that have been available to Android users globally.”
Google previewed this cull last summer. “Apps should provide a stable, responsive, and engaging user experience,” it said, warning that “apps that crash, do not have the basic degree of adequate utility as mobile apps, lack engaging content, or exhibit other behavior that is not consistent with a functional and engaging user experience are not allowed on Google Play.” And here we now are.
This drop in app numbers is not “part of some larger global trend.” The same research found the number of apps in Apple’s store increased over the same period.
The risks from running an unsupported phone OS are made worse with most of us now connecting our personal phones to our employer’s networks and systems. A vulnerability we carry into the workplace puts much more than our own data risk..
Per CSO Online, “vulnerabilities in enterprise network and security appliances accounted for nearly half of the zero-day flaws exploited by attackers last year, according to Google’s Threat Intelligence Group.” And while many of these targeted corporate networking and security appliances, phones figure large in the report.
Zimperium warns “attackers have adopted a mobile-first attack strategy, making it essential for organizations to understand and mitigate mobile risks… Mobile is now a primary attack surface, not a secondary concern and should be treated to the same comprehensive protections as traditional desktops. Despite widespread awareness of mobile threats, security measures across both apps and devices remain fragmented and create security gaps due to misalignment with the realities of today’s threat landscape.”
And from a personal perspective, the key takeaway from Google’s latest research is spyware. Commercial Surveillance Vendors (CSVs) “now contribute a significant volume of zero-day exploitation… Their role further demonstrates the expansion of the landscape and the increased access to zero-day exploitation that these vendors now provide other actors.” Many of the bugs “allowed attackers to unlock targeted mobile device with custom malicious USB devices,” including discovery by Amnesty International that an activist’s Android phone had been successfully targeted.
“The top Android threats,” Zimperium says, “are malicious apps delivered via sideloaded apps and mishing/social engineering… Mishing, especially via SMS, represents a high risk and requires both threat detection capabilities and user training to combat this threat. The time lag between OS upgrade availability and installation by the end user exposes the enterprise to vulnerability risk from outdated/ vulnerable OS.”
And so, “if you still have an Android 12 or 12L device,” or clearly anything even older than that, Android Authority says, “it’s time to upgrade if you value security.” It’s hard to argue. Put simply, if you’re not yet running Android 13 or above you need an OS update at least, and more likely a phone upgrade to something newer.
This post was created with our nice and easy submission form. Create your post!
