Google cracks down on misuse of JavaScript, Python in Android apps

JavaScript code on a computer screen
(Image credit: Shutterstock / BEST-BACKGROUNDS)

In addition to bringing in changes to enhance the privacy profile of apps listed on its Play Store, Google is also trying to add in some security enhancements via the upcoming policy changes.

In particular, Google wants to reign in the malicious use of interpreted languages like JavaScript and Python to circumvent Google Play policies.

"We're clarifying the Device and Network Abuse policy to prohibit apps or SDKs with interpreted languages (e.g., JavaScript) loaded at run time from violating any Google Play policies,” shared Google announcing the change, which will be enforced from October 15, 2021.

Reporting on the development, The Register says that the specific crackdown on interpreted languages such as JavaScript points to its intentions to control a very specific and perhaps rampant misuse.

Interpreted abuse

While Google hasn’t expanded on the need for implementing curbs on interpreted languages, The Register points to a last year’s research by security platform Snyk, which uncovered how popular Chinese mobile advertising SDK Mintegral sneaked in malicious code inside iOS apps.

The research highlighted how the Mintegral SDK used JavaScript to introduce a backdoor to compromise device security.

In fact, the use of JavaScript to work around app store rules goes as far back as 2012 when cybersecurity researchers at the Black Hat security conference demonstrated how they could use a WebView-based JavaScript bridge to conceal rouge behavior inside innocent-looking apps.

Via The Register

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.