Google keeps
pushing in its mission for broader encryption adoption
Android commands the lion’s share of the mobile operating system market. And with so many users under its wings, it should come as no surprise
that Google has been doubling down on security.
In a blog post this week, the tech behemoth announced that 80% of Android
applications in its Google Play store encrypt network traffic by default, using
the Transport Layer Security (TLS) protocol. Google emphasized that the
percentage is higher at 90% when considering apps that target Android 9 and
later versions of the system.
To encourage this trend, both any new apps and app
updates must aim at Android 9 at the very least. If developers keep on meeting
the standards required to be published on the Google Play store, the percentage
is expected to keep on rising.
The company started enforcing these measures
gradually in 2016 with Android 7 by introducing Network Security Configuration.
In its latest release of Android Studio, it doubles down on security, by
alerting developers potentially insecure configurations in their app. For
example, it issues a warning if the app allows unencrypted traffic.
“This encourages the adoption of HTTPS across the
Android ecosystem and ensures that developers are aware of their security
configuration,” states the official blog.
But it’s not only in Android apps where Google has
been pushing for traffic encryption. It has been driving websites to adopt the
standards widely as well as implementing it across its own sites and services.
As of May of this year, encryption was at 94%
across its products and services, according to its Transparency Report. The only
service that has been achieving “subpar” results with 92% encryption of traffic
is its news service.
In October 2019, Google announced that its browser, Chrome, would gradually move to preventing
insecure HTTP content from loading on HTTPS pages.