Google cracks down on misuse of JavaScript, Python in Android apps

New rules specifically concern the (mis)use of JavaScript

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

In addition to bringing in changes toenhance the privacy profileof apps listed on itsPlay Store,Googleis also trying to add in some security enhancements via the upcoming policy changes.

In particular, Google wants to reign in the malicious use of interpreted languages likeJavaScriptandPythonto circumvent Google Play policies.

“We’re clarifying theDevice and Network Abuse policyto prohibit apps or SDKs with interpreted languages (e.g., JavaScript) loaded at run time from violating any Google Play policies,”shared Googleannouncing the change, which will be enforced from October 15, 2021.

Reporting on the development,The Registersays that the specific crackdown on interpreted languages such as JavaScript points to its intentions to control a very specific and perhaps rampant misuse.

Interpreted abuse

Interpreted abuse

While Google hasn’t expanded on the need for implementing curbs on interpreted languages,The Registerpoints to a last year’s research by security platform Snyk, which uncovered how popular Chinese mobile advertising SDKMintegral sneaked inmalicious code inside iOS apps.

Theresearch highlightedhow the Mintegral SDK used JavaScript to introduce a backdoor to compromise device security.

In fact, the use of JavaScript to work around app store rules goes as far back as 2012 whencybersecurityresearchers at the Black Hat security conference demonstrated how they could use a WebView-based JavaScript bridge to conceal rouge behavior inside innocent-looking apps.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaThe Register

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Google Pixel 9 vs Samsung Galaxy S24: which base model is better?