Android Question new REQUIRE_SECURE_ENV flag

[Filippo]

Hi,

does anyone know what Google is doing with this email?

DEVELOPER UPDATE​

Hello Google Play Developer,​

We strive to make Google Play the safest and most trusted experience possible. To that end, we regularly update our policies. You can find the details of the latest changes to our policies, including deadlines, in our Policy Center.​

You’ll have at least 30 days from the date of this notification, unless noted otherwise here, to comply with the following policy changes:​

New policies​

To give developers more control over where their apps appear, we’re updating our Device and Network Abuse policy to state that all apps running On-device Android Containers, which simulate all or portions of the Android OS, must respect the new REQUIRE_SECURE_ENV flag. Apps can add this flag to their manifest to indicate they don't want to be run in an On-device Android Container. We’re introducing the Blockchain-based content policy that states developers must complete a declaration for apps that enable users to transact blockchain-based digital content. Additional requirements apply for NFT gamification to promote user transparency and safety. We’re adding new guidelines to our Deceptive Behavior policy to provide guidance on “non-transparent behavior.” Developers must make the app’s functionality clear to users. We’re also emphasizing that techniques to evade app reviews are not allowed. We’re introducing new requirements under our Personal Loans policy to state that personal loan apps operating in Thailand must provide documentation demonstrating their capacity to offer or assist with personal loans within the country.

 

[Erel]

Tell us a bit about your app.

Check this: https://support.google.com/googlepl...w-if-my-app-is-an-on-device-android-container

How is it related to your app?

 

[Filippo]

How is it related to your app?

I don't think it has anything to do with any of my app because the email doesn't say anything about it.

This is the complete email:

DEVELOPER UPDATE​

Hello Google Play Developer,​

We strive to make Google Play the safest and most trusted experience possible. To that end, we regularly update our policies. You can find the details of the latest changes to our policies, including deadlines, in our Policy Center.​

You’ll have at least 30 days from the date of this notification, unless noted otherwise here, to comply with the following policy changes:​

New policies​

To give developers more control over where their apps appear, we’re updating our Device and Network Abuse policy to state that all apps running On-device Android Containers, which simulate all or portions of the Android OS, must respect the new REQUIRE_SECURE_ENV flag. Apps can add this flag to their manifest to indicate they don't want to be run in an On-device Android Container. We’re introducing the Blockchain-based content policy that states developers must complete a declaration for apps that enable users to transact blockchain-based digital content. Additional requirements apply for NFT gamification to promote user transparency and safety. We’re adding new guidelines to our Deceptive Behavior policy to provide guidance on “non-transparent behavior.” Developers must make the app’s functionality clear to users. We’re also emphasizing that techniques to evade app reviews are not allowed. We’re introducing new requirements under our Personal Loans policy to state that personal loan apps operating in Thailand must provide documentation demonstrating their capacity to offer or assist with personal loans within the country.

Policy updates​

To boost trust and transparency on Google Play, we’re updating our Play Console Requirements policy to expand what developer verification is required to publish apps. Developers must verify their account information to make their app available to users. If registering as an organization, developers must ensure their account information is up to date and consistent with the details stored on their Dun & Bradstreet profile. This update will roll out to new developer accounts first. Existing developers will receive more information in October. To keep Google Play safe and secure for users, we’re updating our Financial Services policy to mandate that any app containing financial features must submit the financial features declaration form, along with supplementary information and documentation. We're updating the list of example APIs or SDKs that are not approved for use in apps that solely target children as part of our Families APIs and SDKs policy. We’re updating the Request Install Package Permission policy to expand the permitted functionalities to include companion apps used to sync Android phones to wearables or IoT devices. We’re updating the VPN policy to emphasize that VpnService cannot be used to engage in ad fraud. We’re updating our Real-Money Gambling, Games, and Contests policy to reflect completion of the Online Crane Games pilot program in Japan. Beginning July 12, 2023, Online Crane Game apps may be listed on Google Play globally subject to applicable law and certain requirements, including a declaration form.

Additionally, we’ve added clarifications to some of our existing policies. Because this policy isn’t new or updated, our enforcement standards and practices for this policy remain the same.​

We’re updating our SDK Requirements to include guidelines for a recently announced Deceptive Behavior policy update. We’re updating the examples in our Tobacco and Alcohol policy to clarify our existing policy. We’re centralizing existing ads requirements to make it easier for you to find this information.

Reminders​

As of August 2, 2023, all new apps must use Play Billing Library version 5 or newer. By November 1, 2023, all updates to existing apps must use Play Billing Library version 5 or newer. Learn more As of August 31, 2023, new apps and app update submissions must target API level 33 (Wear OS must target API 30). Existing apps must target API level 31 or newer to remain available to new users on devices running Android OS higher than your app's target API level. To save time and effort, you can use the new SDK Upgrade Assistant in Android studio. You will also be able to request an extension to November 1, 2023 if you need more time to update your app. Learn more The declaration form for apps that target Android 14 and above to declare foreground services (FGS) for appropriate use cases will now be available in October. You’ll have until January 31, 2024 to receive feedback and make adjustments. Learn more We introduced a new account deletion requirement earlier this year. If your app allows users to create an account, then it must also allow users to request for their account to be deleted in the app and through a web resource. All developers must update their Data safety form in Play Console, where some information may be displayed on your app’s Data safety section on Google Play. You have until December 7, 2023 to comply. If you need more time, you can request an extension to May 31, 2024. Learn more and watch our RePlay video.

Please review these policy updates carefully in case any of your apps are impacted. To learn more about how to comply with these changes:​

Read our blog about boosting trust and transparency on Google Play. Watch this PolicyBytes video Register for a policy webinar, available for multiple regions (Global, Brazil, India, Japan, Korea, South East Asia, or Indonesia). Send in your questions in advance. Ask questions or share best practices with fellow developers in the Google Play Developer Help Community.

 

[fredo]

(My first approach was not correct: SetApplicationAttribute("REQUIRE_SECURE_ENV", 1) )

See Erel's answer #9 below: https://www.b4x.com/android/forum/threads/new-require_secure_env-flag.149020/post-944527

I added this to make sure that the app will only run on a pure android device. I'm not sure if the change will help, but i don't want to left any stone unturned.

If there is anyone who knows more about "on-device android container apps", an explanation would be helpful to understand the necessity of that attribute.

 

[AnandGupta]

I found the defination as below

On-device Android container apps and the REQUIRE_SECURE_ENV manifest flag option - Play Console Help

Many users enjoy using on-device Android container apps to perform a variety of functions (for example, to enable multi-account usage for an app). However, the experience within these apps may not alw

support.google.com

So, most of our apps do not fall into it.

 

[AnandGupta]

Further I understand it is relevant when our app is set as 'dual app' or similar by phone os, say Redmi has this feature.
The below setting will prevent it from running in this mode,

SetApplicationAttribute("REQUIRE_SECURE_ENV", 1)

I noted that I can make my app as dual, but few apps in my phone do not work when made dual. They must have this setting.

 

[Filippo]

What is an "Android container"?

 

[Alessandro71]

What is an "Android container"?

Looks like a virtualization environment, provided by some vendors.

 

[Erel]

"On-device Android containers are apps that simulate the Android OS on an Android-powered device. This includes both apps that simulate the Android OS in its entirety and apps that only simulate portions of the Android OS."

Limit loading in on-device Android containers | App architecture | Android Developers

developer.android.com

Looks like apps that act as mini-OS. Maybe for enterprise solutions.

he below setting will prevent it from running in this mode,

The correct way to add this property is:

AddApplicationText(
<property android:name="REQUIRE_SECURE_ENV" android:value="1" />
)

Most apps can ignore this.

 

[Filippo]

So there is nothing wrong if you add this property in every App.

 

[Alessandro71]

So there is nothing wrong if you add this property in every App.

It may limit user choices, like running multiple instances of the app with different accounts.
looks like a decision the developer should take based of potential misuse of the app, like forcing authentication or data consistency.