In addition to bringing in changes to enhance the privacy profile of apps listed on its Play Store, Google is also trying to add in some security enhancements via the upcoming policy changes.
In particular, Google wants to reign in the malicious use of interpreted languages like JavaScript and Python to circumvent Google Play policies.
"We're clarifying the Device and Network Abuse policy to prohibit apps or SDKs with interpreted languages (e.g., JavaScript) loaded at run time from violating any Google Play policies,” shared Google announcing the change, which will be enforced from October 15, 2021.
- Protect your devices with these best antivirus software
- Here's our choice of the best malware removal software on the market
- These are the best ransomware protection tools
Reporting on the development, The Register says that the specific crackdown on interpreted languages such as JavaScript points to its intentions to control a very specific and perhaps rampant misuse.
Interpreted abuse
While Google hasn’t expanded on the need for implementing curbs on interpreted languages, The Register points to a last year’s research by security platform Snyk, which uncovered how popular Chinese mobile advertising SDK Mintegral sneaked in malicious code inside iOS apps.
The research highlighted how the Mintegral SDK used JavaScript to introduce a backdoor to compromise device security.
In fact, the use of JavaScript to work around app store rules goes as far back as 2012 when cybersecurity researchers at the Black Hat security conference demonstrated how they could use a WebView-based JavaScript bridge to conceal rouge behavior inside innocent-looking apps.
- We've put together a list of the best endpoint protection software
Via The Register
