According to Google, 80% of applications from the Google Play catalog currently encrypt traffic by default . The rate of programs focused on Android 9 and 10 is even higher – 90%.
To protect Android devices from traffic interception in 2016, with the release of version 7 of the mobile OS, a default ban was introduced on applications to accept SSL certificates in addition to the standard trust list embedded in the system. At the same time, Google launched the Network Security Configuration option, which allows application developers to declare a network security policy in the configuration file, adding their certificates for debugging time for specific domains or connections.
With the release of Android 9, non-encrypted connections began to be blocked by default – before that, they were still possible. And from November 1 of this year, Google Play began to demand that all new products and updates be sharpened for Android 9 or higher. The latest versions of Android Studio and the developer’s console on Google Play provide a warning about the unreliability of network settings – in the case, for example, when the application allows data transfer in clear text for all domains or accepts a certificate added by the user not only in debug mode. Google expects that all these measures will help achieve the intended goal – the introduction of HTTPS throughout the Android ecosystem.
Forcing Android program developers to follow the general trend, Google itself restricts the use of unreliable connections in its products. So, according to the latest report on the transparency of the company, the use of HTTPS in Chrome has already reached 95%, but the actual performance is highly platform dependent. On Android, for example, Google’s browser via HTTPS loads 89% of the pages on the Internet, on Windows 84%.