[Android GMS Announcements-0628] Disabling GPP, APA waiver, and API warnings

 

We are following up on our intention to increase enforcement for devices that have pre-installed apps that modify sensitive security settings, such as Google Play Protect (GPP). Older versions of GMS Core (prior to v17.4.x) include this behavior.

Please be aware that if a build you have submitted or plan to submit for approval contains an older version of GMS Core (prior to v17.4.x), it will be considered to contain a PHA (Potentially Harmful Application) and may render the device not eligible for a GMS approval.

As a reminder, on devices that use GMS, the Google Play store app MUST be functioning as the package verifier, which allows the Google Play Protect (GPP) feature to protect users from harmful apps. It is not permitted to modify the package_verifier_enable or package_verifier_user_consent, as old (prior to v17.4.x) versions of GMS Core do.

In 60 days from this notice, all software build submissions that contain an older version of GMS Core (prior to v17.4.x) will not qualify for an approval. Please only submit builds containing GMS Core v17.4.x and higher.

Please reach out to your BD/TAM immediately with any questions on how to move forward.

 

We’re trying to make the Android build approval process quick and smooth. To achieve this goal, our Android Partner Approvals (APA) portal team is working hard to introduce a new feature in APA called Waiver Proposal.

The Waiver Proposal user guide https://support.google.com/androidpartners/answer/9305893 provides details on this feature and its use.

When you provide detailed waiver information via Waiver Proposal it helps our approval team find your waiver details quickly, shortening the build approval time.

We are announcing the Waiver Proposal feature in APA, but we won’t enforce it until end of Q3 2019.

 

Reminder for upcoming Off Play enforcement for apps that target lower level SDK. See our previous blog post about this. Our plan for the enforcement is as follows

• August 2019: New apps are required to target API level 28 (Android 9) or higher. Google play protect will begin warning users when they are installing new apps that do not target API level 26 or higher. New apps here means new package name and signing certificate.

• November 2019: Updates to existing apps are required to target API level 26 or higher. Updates or new versions mean package name is the same, but a new digest is updating. Exception would be system apps.

• 2020 and onwards, this API level will be incremented with each version of android

We encourage you to start taking measures to notify app developers you are working with to prepare updates for their apps so that there is minimal disruption.