Feb 21, 2020

Google starts cleaning up its developer ecosystem

Cleaning up Android

Google is fighting back against Samsung’s custom changes to Android that the company claims exposes mobile users to serious security vulnerabilities.

What's the fuss? Samsung made changes to Android’s core kernel to improve security on one of its devices, the Galaxy A50. Google, however, claims that these code changes actually make users more vulnerable by exposing them to new attacks via arbitrary code execution.

Google suggests that "device-specific kernel modifications would be better off either being upstreamed or moved into userspace drivers." In other words, don’t touch code in the Android kernel.

It’s part of a broader clean up of Android. Google’s attack on Samsung comes on the heels of its crackdown on permission requests for apps in the Google Play Store—where it penalized developers for requesting excessive data from Android users.

Earlier this year, Google also announced it was increasing its top reward for hacking Android to $1M. Google even encourages developers to find security issues in popular third-party apps in the Play Store.

Zoom out: Google’s efforts go far beyond Android. Google recently required developers of Chrome extensions to collect only the least amount of data possible from users necessary to work. Even Gmail integrations were audited and restricted last year.

Google’s is doubling down on fixing its privacy and security reputation. That—for better or for worse—means more restrictions on developers within its ecosystem.

Want to get more of these in your inbox?

Subscribe for weekly updates from the Software team.