Last year at the I/O, Google previewed “Android Instant Apps,” a new way to run Android apps without installing on the device, so the users can “discover and run apps with minimal friction.”
Now today, a few of these Instant Apps in a limited test are relesased to Android users including apps BuzzFeed, Wish, Periscope, and Viki.
We’ve been working with a small number of developers to refine the user and developer experiences. Today,
The team notes, this experience will expand to more apps and users after collecting user feedback and iterating on the product.
Developers interested in instant app, “need to first update their existing Android app with the Instant Apps functionality, and then modularize the app, so part of it can be downloaded and run on-the-fly.”
To make this change, you can use the same Android APIs and Android Studio project. And, the full SDK will be available later in the coming months.
To learn more about preparing your app for Instant App, see this help article.
Back in April 2016, Google described how with “Google Play App Security Improvement” (ASI) program developers fixed security issues in as much as 100k applications, and since then, 11 more new security issues are detected and the developers are notified with resources and guidance to update their apps. Because of this, “over 90,000 developers have updated over 275,000 apps,” writes the team.
Since, ASI now notifies of about 26 potential security issues, they introduces a new page for developers to find all the information about these security issues in one place.
The page includes links to help center articles containing instructions and additional support contacts.
All the Android devices comes pre-loaded with a security solution “Verify apps with Google Play,” that checks a device and warns the user to uninstall the “Potentially Harmful Apps” (PHAs). However, sometimes, a device stop checking up with Verify apps, and it’s considered “Dead or Insecure” (DOI).
In a post, the Android team explains the process of indetifying the reasons that devices stop working and prevent it from happening in the future. “We use DOI metric, along with other security systems to help determine if an app is a PHA to protect Android users. Additionally, when we discover vulnerabilities, we patch Android devices with our security update system,” the team said.
“A DOI app is one that is downloaded with a high enough percentage of DOI devices.”
In this process, to flag a DOI app, they focus on ‘retention’rate of a device, “if an app’s retention rate is a couple of standard deviations lower than average (calculated by Z-score), the DOI scorer flags it, among the three well known malware families— Hummingbad, Ghost Push, and Gooligan.”
The DOI scorer and all of Android’s anti-malware work is one of multiple layers protecting users and developers on Android.
For an overview of Android’s security and transparency efforts, check out this page.