11 Dec 2025

feedAndroid Developers Blog

Building a safer Android and Google Play, together

Posted by Matthew Forsythe , Director, Product Management, App & Ecosystem Trust and Ron Aquino Sr. Director, Trust and Safety, Chrome, Android and Play

Earlier this year, we reiterated our commitment to keeping Android and Google Play safe for everyone and maintaining a thriving environment where users can trust the apps they download and your business can flourish. We've heard your feedback clearly, from excited conversations at Play events around the world to the honest concerns on social media. You want simpler ways to make sure your apps are compliant and pass review, and need strong protections for your business so you can focus on growth and innovation. We are proud of the steps we've taken together this year, but know this is ongoing work in a complex, ever-changing market.


Here are key actions we've taken this year to simplify your development journey and strengthen protection.

Simpler ways to build safer apps from the start

This year, we focused on making improvements to the app publishing experience by reducing friction points, from the moment you write code to submitting your app for review.

  • Policy guidance right where you code: We rolled out Play Policy Insights to all developers using Android Studio. This feature provides real-time, in-context guidance and policy warnings as you code, helping you proactively identify and resolve potential issues before you even submit your app for review.

  • Pre-review checks to help prevent app review surprises: Last year, we launched pre-review checks in Play Console so you can identify issues early, like incomplete policy declarations or crashes, and avoid rejections. This year, we expanded these checks for privacy policy links, login credential requirements, data deletion request links, inaccuracies in your Data safety form, and more.

Stronger protection for your business and users

We are committed to providing you with powerful ways to protect your apps and users from abuse. Beyond existing tools, programs, and the performance and security enhancement that comes with every Android release, we've also launched:

  • Advanced abuse and fraud protection: We made the Play Integrity API faster and more resilient, and introduced new features like Play remediation prompts and device recall in beta. Device recall is a powerful new tool that lets you store and recall limited data associated with a device, even if the device is reset, helping protect your business model from repeat bad actors.

  • Tools to keep kids safe:

    • We continued to invest in protecting children across Google products, including Google Play. New Play policy helps keep our youngest users safe globally by requiring apps with dating and gambling features to use Play Console tools to prevent minors from accessing them. Our enhanced Restrict Minor Access feature now blocks the users who we determine to be minors from searching for, downloading, or making purchases in apps that they shouldn't have access to.

    • We've also been providing tools to developers to help meet significant new age verification regulatory requirements in applicable US states.

  • More ways to stop malware from snooping on your app: Android 16 provides a new, powerful defense in a single line of code: accessibilityDataSensitive. This flag lets you explicitly mark views in your app as containing sensitive data and block malicious apps from seeing or performing interactions on it. If you already use setFilterTouchesWhenObscured(true) to protect your app from tapjacking, your views are automatically treated as sensitive data for accessibility for an instant additional layer of defense with no extra work.

Smoother policy compliance experience

We're listening to your concerns and proactively working to make the experience of Play policy compliance and Android security requirements more transparent, predictable, and accessible for all developers. You asked for clarity, fairness, and speed, and here is what we launched:

  • More support when you need it: Beyond the webinars and resources that we share, you told us you needed more direct policy help to understand requirements and get answers. Next week, we'll add a direct way for you to reach our team about policy questions in your Play Console. You'll be able to find this new, integrated support experience directly within your Play Console via the "Help" section. We also expanded the Google Play Developer Help Community to more languages, like Indonesian, Japanese, Korean, and Portuguese.

  • Clearer documentation: You asked for policy that's easier to understand. To help you quickly grasp essential requirements, we've introduced a new Key Considerations section across several policies (like Permissions and Target API Level) and included concise "Do's & Don'ts" and easier-to-read summaries.

  • More transparent appeals process: We introduced a 180-day appeal window for account terminations. This allows us to prioritize and make decisions faster for developers who file appeals.

  • Android developer verification design changes: To support a diverse range of users and developers, we're taking action on your feedback.

    • First, we're creating a dedicated free account type to support students and hobbyists who want to build apps just for a small group, like family and friends. This means that you can share your creations to a limited number of devices without needing to go through the full developer verification process.

    • We're also building a flow for experienced users to be able to install unverified apps. This is being carefully designed to balance providing choice with prioritizing security, including clear warnings so users fully understand the risks before choosing to bypass standard safety checks.

The improvements we made this year are only the beginning. Your feedback helps drive our roadmap, and it will continue to inform future refinements to our policies, tools, experiences, and ensuring Android and Google Play remain the safest and most trusted place for you to innovate and grow your business.


Thank you for being our partner in building the future of Android.


11 Dec 2025 10:26pm GMT

Enhancing Android security: Stop malware from snooping on your app data

Posted by Bennet Manuel, Product Management, Android App Safety and Rob Clifford, Developer Relations





Security is foundational to Android. We partner with you to keep the platform safe and protect user data by offering powerful security tools and features, like Credential Manager and FLAG_SECURE. Every Android release brings performance and security enhancements, and with Android 16, you can take simple, significant steps to strengthen your app's defenses. Check out our video or continue reading to learn more about our enhanced protections for accessibility APIs.


Protect your app from snooping with a single line of code

We've seen that bad actors sometimes try to exploit accessibility API features to read sensitive information, like passwords and financial details, directly from the screen and manipulate a user's device by injecting touches. To combat this, Android 16 provides a new, powerful defense in a single line of code: accessibilityDataSensitive.

The accessibilityDataSensitive flag allows you to explicitly mark a view or composable as containing sensitive data. When you set this flag to true on your app, you are essentially blocking potentially malicious apps from accessing your sensitive view data or performing interactions on it. Here is how it works: any app requesting accessibility permission that hasn't explicitly declared itself as a legitimate accessibility tool (isAccessibilityTool=true) is denied access to that view.

This simple but effective change helps to prevent malware from stealing information and performing unauthorized actions, all without impacting users' experience of legitimate accessibility tools. Note: If an app is not an accessibility tool but requests accessibility permissions and sets isAccessibilityTool=true, Play will reject it and Google Play Protect will block it on user devices.

Automatic, enhanced security for setFilterTouchesWhenObscured protection

We've already integrated this new accessibilityDataSensitive security functionality with the existing setFilterTouchesWhenObscured method.

If you already use setFilterTouchesWhenObscured(true) to protect your app from tapjacking, your views are automatically treated as sensitive data for accessibility. By enhancing the setFilterTouchesWhenObscured method with accessibilityDataSensitive protections, we're instantly giving everyone an additional layer of defense with no extra work.

Getting started

We recommend that you use setFilterTouchesWhenObscured, or alternatively the accessibilityDataSensitive flag, on any screen that contains sensitive information, including login pages, payment flows, and any view displaying personal or financial data.

For Jetpack Compose

setFilterTouchesWhenObscured

accessibilityDataSensitive

val composeView = LocalView.current DisposableEffect(Unit) { composeView.filterTouchesWhenObscured = true onDispose { composeView.filterTouchesWhenObscured = false } }

Use the semantics modifier to apply the sensitiveData property to a composable.

BasicText { text = "Your password",

modifier = Modifier.semantics {

sensitiveData = true }}

For View-based apps

In your XML layout, add the relevant attribute to the sensitive view.

setFilterTouchesWhenObscured

accessibilityDataSensitive

<TextView android:filterTouchesWhenObscured="true" />

<TextView android:accessibilityDataSensitive="true" />

Alternatively, you can set the property programmatically in Java or Kotlin:

setFilterTouchesWhenObscured

accessibilityDataSensitive

myView.filterTouchesWhenObscured = true;

myView.isAccessibilityDataSensitive = true;

myView.setFilterTouchesWhenObscured(true)

myView.setAccessibilityDataSensitive(true);

Read more about the accessibilityDataSensitive and setFilterTouchesWhenObscured flags in the Tapjacking guide.



Partnering with developers to keep users safe

We worked with developers early to ensure this feature meets real-world needs and integrates smoothly into your workflow.

"We've always prioritized protecting our customers' sensitive financial data, which required us to build our own protection layer against accessibility-based malware. Revolut strongly supports the introduction of this new, official Android API, as it allows us to gradually move away from our custom code in favor of a robust, single-line platform defense."

- Vladimir Kozhevnikov, Android Engineer at Revolut



You can play a crucial role in protecting your users from malicious accessibility-based attacks by adopting these features. We encourage all developers to integrate these features into their apps to help keep users safe.

Together, we can build a more secure and trustworthy experience for everyone.

11 Dec 2025 5:00pm GMT

#WeArePlay: How Matraquina helps non-verbal kids communicate

Posted by Robbie McLachlan, Developer Marketing





In our latest #WeArePlay film, we meet Adriano, Wagner and Grazyelle. The trio are behind Matraquinha, an app helping thousands of non-verbal children in more than 80 countries communicate. Discover more about their inspiring story and the impact on their own son, Gabriel.

Wagner, you developed Matraquinha for a deeply personal reason: your son, Gabriel. Can you tell us what inspired you to create this app for him?

My wife and I adopted our son at 10 months. We later found out he couldn't speak and received a diagnosis of Autism, so we started researching ways to communicate with him and vice versa. The idea started with drawings of objects and phrases on cards for him to point to things he wanted. We wanted to make this more digital and so, with my brother Adriano's help, we developed the Matraquinha app.

How does the app work?

Wagner: The app has almost 250 drawings, like digital flashcards. The child points to a card and the app announces the name of the object, place or feeling. Parents then more clearly understand what their child needs.

Grazyelle: As a mom, after Gabriel started using the app, he was able to communicate and that reduced his feeling of crisis a lot. Before, he would be frustrated. Now with the app, my son can tell me what he needs.



Matraquinha started as a personal app for your family, but is now helping users in over 77 countries. How did you achieve this scale?

Adriano: When my brother came to me with the idea, we thought it would be for our family and had no idea it would turn into a global resource for more families. In the first week, we had 1 download. By the next year, we had 100,000 downloads, all organic with no ads. It showed us how important the app was to help families communicate with their non-verbal children.

Adriano: It's truly incredible for us to be on Google Play because, even without being senior engineers, this tool gave us an opportunity-an entry point-to bring communication to other families. We use other tools like Firebase Analytics which lets us see which cards and categories people are using the most, this helps us when developing new versions.

What is next for Matraquinha, and what features are you most excited about bringing to the community?

We are adding an extra 500 real images to the app, because kids are growing and no longer want drawings as they become teenagers. We're also creating a board that has pronouns, nouns, and verbs. So say, a child wants to let the parents know they like to eat hamburgers, they can tap on the different words and create a sentence. This gives them even more independence. We are also exploring ways to use AI to make the app even more personal and pursuing the same goal: ensuring every child can be heard.

Discover other inspiring app and game founders featured in #WeArePlay.

11 Dec 2025 5:00pm GMT