According to Google, over 95 percent of malicious Android apps caught by Google Play Protect are targeting older Android versions. The malicious app creators do this to avoid runtime permissions, even when installed on devices with the latest version of Android.
Things get more complicated and dangerous when you have apps downloaded from sources which aren’t the Google Play Store.
To combat this, by the end of this year Google Play Protect is going to start warning users if they try to install an app from any source that doesn’t target Android API level 26 or higher. In other words, if you try to install an app with a recent update that isn’t targeting Android 8.0 Oreo or newer, a warning will pop-up telling you that app could be unsafe.
Google is hoping this pop-up warning will “shame” developers into updating their apps to more recent API levels, while simultaneously preventing at least some users from going forward with the installation of what could be a malicious app.
This change will affect apps installed from any source, such as competing app stores from Huawei, Oppo, Xiaomi, etc. It will also affect sideload installations like those from Epic Games, where millions of Android users download Fortnite.
At the Google Play Store, things will be even more strict. For new Play Store apps and apps receiving new updates in 2020, developers will be required to target API level 28 or higher, which is Android 9 Pie. Since Google controls the Play Store, it can deal with developers directly who don’t comply.
Older apps that aren’t being updated will be unaffected by these new rules and apps designed for older versions of Android will also still be allowed.