80% of all Android apps encrypt traffic by default | WeLiveSecurity

Google keeps pushing in its mission for broader encryption adoption

Android commands the lion’s share of the mobile operating system market. And with so many users under its wings, it should come as no surprise that Google has been doubling down on security.

In a blog post this week, the tech behemoth announced that 80% of Android applications in its Google Play store encrypt network traffic by default, using the Transport Layer Security (TLS) protocol. Google emphasized that the percentage is higher at 90% when considering apps that target Android 9 and later versions of the system.

To encourage this trend, all new apps and app updates must target Android 9 at the very least. If developers keep meeting the standards required for publication on the Google Play store, the percentage is expected to keep rising.

The company started enforcing these measures gradually in 2016 with Android 7 by introducing Network Security Configuration. In its latest release of Android Studio, it doubles down on security by alerting developers to potentially insecure configurations in their app. For example, it issues a warning if the app allows unencrypted traffic.

“This encourages the adoption of HTTPS across the Android ecosystem and ensures that developers are aware of their security configuration,” states the official blog.
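The kind of check described above, written out as an added example (not code from Google, Android Studio or the original article): a Python script that reads a Network Security Configuration file and lists the scopes where cleartext HTTP is still allowed. The sample XML is constructed and the function names are hypothetical; it assumes the documented inheritance rules and the platform default of cleartext being off for apps that target API 28 (Android 9) and later.

```python
import xml.etree.ElementTree as ET

# Constructed sample of res/xml/network_security_config.xml (not from a real app).
SAMPLE_CONFIG = """
<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">legacy.example.com</domain>
        <domain-config>
            <domain>cdn.legacy.example.com</domain>
        </domain-config>
        <domain-config cleartextTrafficPermitted="false">
            <domain>pay.legacy.example.com</domain>
        </domain-config>
    </domain-config>
</network-security-config>
""".strip()

def platform_default(target_sdk):
    # Cleartext is allowed by default only when targeting API 27 (Android 8.1) or lower.
    return target_sdk <= 27

def _flag(elem, inherited):
    # An unset attribute inherits from the enclosing config.
    value = elem.get("cleartextTrafficPermitted")
    return inherited if value is None else value.strip().lower() == "true"

def _walk(domain_config, inherited, findings):
    allowed = _flag(domain_config, inherited)
    if allowed:
        for domain in domain_config.findall("domain"):
            findings.append((domain.text or "").strip())
    # Nested domain-config elements inherit from their parent domain-config.
    for child in domain_config.findall("domain-config"):
        _walk(child, allowed, findings)

def audit_cleartext(xml_text, target_sdk):
    """Return scopes where cleartext HTTP is allowed; '*' means app-wide."""
    root = ET.fromstring(xml_text)
    base = root.find("base-config")
    default = platform_default(target_sdk)
    base_allowed = _flag(base, default) if base is not None else default
    findings = ["*"] if base_allowed else []
    for domain_config in root.findall("domain-config"):
        _walk(domain_config, base_allowed, findings)
    return findings

if __name__ == "__main__":
    for scope in audit_cleartext(SAMPLE_CONFIG, target_sdk=28):
        print("cleartext traffic permitted for:", scope)
```

The nested entry without its own attribute is reported because it inherits the permissive setting from its parent, which is easy to miss when reading the XML by eye.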

But it’s not only in Android apps where Google has been pushing for traffic encryption. It has been driving websites to adopt the standards widely, as well as implementing them across its own sites and services.

As of May of this year, encryption was at 94% across its products and services, according to its Transparency Report. The only service that has been achieving “subpar” results with 92% encryption of traffic is its news service.

In October 2019, Google announced that its browser, Chrome, would gradually move to preventing insecure HTTP content from loading on HTTPS pages.
