► In brief
- Google updates its Play Integrity API
- From May 2025, it will be able to control the security of your smartphone
- Lack of recent patch will block banking apps
What if you could no longer use your banking application on your Android smartphone? This scenario could become a reality in the coming months, with the new constraint that Google is making available to developers. Thus, the Android Play Integrity API should soon allow banking solutions to verify the correct installation of recent security updates on a device before being launched. Additional protection, which could however directly impact certain users.
A security imperative for banking apps
This decision is however logical: recently, Play Integrity has become a more complete API, allowing the verification of the security of a device according to three standards: basic, standard and reinforced. The last level corresponds to the presence of a security patch less than 12 months old on the smartphone concerned. The goal is simple: with this verification, the security health of the device can be judged more or less satisfactory to accommodate a risky solution, such as that of a bank.
For the moment, although the option is already available, its implementation remains subject to the will of the developers. However, from May 2025, the Play Integrity API will automate this verification for applications deemed sensitive. It may no longer be possible to access your banking application, at least if your Android phone is not correctly updated.
As for Android compatible OS like GrapheneOS, this is already problematic (see tweet below)…
A blocking decision, but necessary?
So, of course, this decision raises questions in terms of accessibility. Because, it is true, accessing your bank accounts via a banking application seems to be an elementary practice, almost established as a basic element on your Android smartphone. And yet, the logic behind the change in Play Protect is understandable: a smartphone without a security update for more than 12 months will undoubtedly present very strong security risks.
Because, even in a shorter period of a few months, possible exploitable flaws in later versions could be exploited by various malware. And, of course, the main target of this malware is still on your banking application: your money. Despite the constraints, Google's better safe than sorry strategy seems understandable.
