Android 17 Beta Introduces Secure-By-Default Architecture
Android 17 Beta Launch π
A new beta version of Android 17 has been released, bringing a range of privacy, security, and performance changes aimed at strengthening app protections and improving developer workflows. This update marks the first public beta of the mobile operating system and introduces structural changes that will affect how developers build and test apps ahead of its final release.
Key Updates π
- The
android:usesCleartextTrafficattribute has been deprecated. Apps targeting API level 37 that enable cleartext traffic without a corresponding network security configuration will have such traffic blocked by default. - Developers are urged to migrate to network security configuration files for more granular control.
- Support for HPKE hybrid cryptography has been added via a new public Service Provider Interface (SPI), enabling secure communication that combines public-key and symmetric encryption.
- Certificate transparency is now enabled by default, and new install-time permissions aim to improve protections around localhost interactions.
Looking Ahead π
Google has targeted platform stability for March, when the final SDK and NDK APIs will be delivered. Developers will then have several months to test before the final release. Android 17 will continue to receive quarterly updates, with planned app-breaking changes expected in Q2 and a minor SDK release scheduled for Q4. The new Canary channel will provide faster feature access, over-the-air (OTA) updates, and improved integration with continuous integration workflows.
To read the complete article see: Read full article