To prevent old apps from breaking, new features and app restrictions in, say, Android 12 only apply to apps that target Android 12 or above. Older apps will continue to run with the older set of restrictions they’re used to. (A different setting, called “Minimum SDK,” determines if a new app can run on an old Android OS.) The system works great for honest developers, but if you’re building a piece of malware, it’s an easy decision to target a very old version of Android. While you’ll get access to fewer features, you’ll also be subject to fewer security and privacy restrictions. For the first time, Android 14 will close this malware loophole by simply refusing to install old apps. The cutoff point is generous enough that it shouldn’t cause anyone problems; any app targeting the 8-year-old Android 6.0 or below will be blocked. Google says it picked Android 6 because it’s the version that introduced runtime permissions, the allow/deny boxes that pop up asking for things like camera access. In addition, “some malware apps use a targetSdkVersion of [Android 5.1] to avoid being subjected to the runtime permission model introduced in 2015 by Android 6.0,” Google said.
Read more of this story at Slashdot.