Many users enjoy using on-device Android container apps to perform a variety of functions (for example, to enable multi-account usage for an app). However, the experience within these apps may not always reflect the full suite of Android safety and security features that users have come to expect. For this reason, we’ve updated our Device and Network Abuse policy to allow on-device Android container apps to continue serving users while also giving all developers the ability to opt out of on-device Android container apps through the REQUIRE_SECURE_ENV manifest flag.
Frequently asked questions
How do I know if my app is an on-device Android container?
If your app loads third-party APKs into its own app space, and those apps reasonably execute as if they are installed in a normal Android environment due to your app intercepting and potentially proxying calls, your app is considered an on-device Android container app.
Yes, all on-device Android container apps must comply with the new policy requirements for such an environment.
An on-device Android container app proxies to other apps via intercepting or calling by requesting, sending, redirecting, or intercepting API calls to apps outside the container in order to disguise them as being within the container. On-device Android container apps cannot proxy to apps via intercepting or calling as per the new policy requirements.
No. Enterprise apps that allow for separate work profiles and require device admin permissions to operate are not considered on-device Android container apps.
The REQUIRE_SECURE_ENV flag is open to all app developers who don't want to operate in an on-device Android container app. We don’t have specific recommendations for whether certain types of apps should add the flag. That decision is up to you as a developer and is unique to your specific security and privacy needs.
No, there is no technical feature that prevents on-device Android container apps from loading your app, but our policy requires developers of on-device Android container apps, distributed on Google Play, to check the manifest of all apps they intend to load into their Android container. The policy also prohibits developers from loading apps that have added the REQUIRE_SECURE_ENV flag to their manifest.
To learn more about the REQUIRE_SECURE_ENV flag, see Device and Network Abuse.