Google today announced that over 80% of Android apps traffic is encrypted by default. The percentage is even higher for apps that target Android version 9, 90% of the traffic is encrypted by default.
The Android Network Security Configuration was introduced by Google in the year 2017, Android 7, allowing developers to use encrypted communication and to opt-out of using cleartext.
Starting from Android 9, Google set up a policy that forces the apps to communicate only through encrypted by default with all the domains.
The latest versions of the Android Studio and Google Play’s pre-launch report warn app developers if their app includes a potentially insecure Network Security Configuration.
Google recommended all app developers are recommended to encrypt all the network traffic in transit and to trust certificate issued only by the standard Android CA.
“Android is committed to keeping users, their devices, and their data safe. One of the ways that we keep data safe is by protecting network traffic that enters or leaves an Android device with Transport Layer Security (TLS),” reads Google blog post.
The usage of the SSL certificates also increased dramatically, with the topmost visited 1 million sites, 1,946,522 found to be with the SSL certificates.