Mozilla researchers find discrepancies between Google Play Store's Data Safety labels and privacy policies of nearly 80 percent of the reviewed apps. From the report: Google Play Store's Data Safety labels would have you believe that neither TikTok nor Twitter share your personal data with third parties. The apps' privacy policies, however, both explicitly state that they share user information with advertisers, Internet service providers, platforms, and numerous other types of companies. These are two of the most egregious examples uncovered by Mozilla's *Privacy Not Included researchers as part of a study looking at whether Google Play Store's new Data Safety labels provide consumers with accurate information about apps collect, use, and share personal data. In nearly 80 percent of the apps reviewed, Mozilla found that the labels were false or misleading based on discrepancies between the apps' privacy policies and the information apps self-reported on Google's Data Safety Form. Researchers concluded that the system fails to help consumers make more informed choices about their privacy before purchasing or downloading one of the store's 2.7 million apps.

The study -- "See No Evil: How Loopholes in the Google Play Store's Data Safety Labels Leave Companies in the Clear and Consumers in the Dark," -- uncovers serious loopholes in the Data Safety Form, which make it easy for apps to provide false or misleading information. For example, Google exempts apps sharing data with "service providers" from its disclosure requirements, which is problematic due to both the narrow definition it uses for service providers and the large amount of consumer data involved. Google absolves itself of the responsibility to verify whether the information is true stating that apps "are responsible for making complete and accurate declarations" in their Data Safety labels. In a statement Google said: "This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects. The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information."

Android 14 is here -- or the first preview is, at least. From a report: Google is kicking off the months-long developer preview process for Android's latest version, which will get a final release in the second half of the year. Even with multiple previews, Google likes to keep the final set of Android features under wraps at least until its I/O conference in May, so we can't look at the features here to determine the scope of Android 14. These are just some of the features Google wants developers to have a head start on. The biggest news is that Android 14 will block the installation of old Android apps. As Android changes over the years, new APIs and increased security, privacy, or background processing restrictions could break old apps, but Android's backward-compatibility system keeps these old apps running. Apps can declare the newest version of Android they support via a "Target SDK" flag.

To prevent old apps from breaking, new features and app restrictions in, say, Android 12 only apply to apps that target Android 12 or above. Older apps will continue to run with the older set of restrictions they're used to. (A different setting, called "Minimum SDK," determines if a new app can run on an old Android OS.) The system works great for honest developers, but if you're building a piece of malware, it's an easy decision to target a very old version of Android. While you'll get access to fewer features, you'll also be subject to fewer security and privacy restrictions. For the first time, Android 14 will close this malware loophole by simply refusing to install old apps. The cutoff point is generous enough that it shouldn't cause anyone problems; any app targeting the 8-year-old Android 6.0 or below will be blocked. Google says it picked Android 6 because it's the version that introduced runtime permissions, the allow/deny boxes that pop up asking for things like camera access. In addition, "some malware apps use a targetSdkVersion of [Android 5.1] to avoid being subjected to the runtime permission model introduced in 2015 by Android 6.0," Google said.

An anonymous reader quotes a report from Ars Technica: As a smartphone operating system, Android strives to be a lightweight OS so it can run on a variety of hardware. The first version of the OS had to squeeze into the T-Mobile G1, with only a measly 256MB of internal storage for Android and all your apps, and ever since then, the idea has been to use as few resources as possible. Unless you have the latest Samsung phone, where Android somehow takes up an incredible 60GB of storage. Yes, the Galaxy S23 is slowly trickling out to the masses, and, as Esper's senior technical editor Mishaal Rahman highlights in a storage space survey, Samsung's new phone is way out of line with most of the ecosystem. Several users report the phone uses around 60GB for the system partition right out of the box. If you have a 128GB phone, that's nearly half your storage for the Android OS and packed-in apps. That's four times the size of the normal Pixel 7 Pro system partition, which is 15GB. It's the size of two Windows 11 installs, side by side. What could Samsung possibly be putting in there?!

We can take a few guesses as to why things are so big. First, Samsung is notorious for having a shoddy software division that pumps out low-quality code. The company tends to change everything in Android just for change's sake, and it's hard to imagine those changes are very good. Second, Samsung may want to give the appearance of having its own non-Google ecosystem, and to do that, it clones every Google app that comes with its devices. Samsung is contractually obligated to include the Google apps, so you get both the Google and Samsung versions. That means two app stores, two browsers, two voice assistants, two text messaging apps, two keyboard apps, and on and on. These all get added to the system partition and often aren't removable.

Unlike the clean OSes you'd get from Google or Apple, Samsung sells space in its devices to the highest bidder via pre-installed crapware. A company like Facebook will buy a spot on Samsung's system partition, where it can get more intrusive system permissions that aren't granted to app store apps, letting it more effectively spy on users. You'll also usually find Netflix, Microsoft Office, Spotify, Linkedin, and who knows what else. Another round of crapware will also be included if you buy a phone from a carrier, i.e., all the Verizon apps and whatever space they want to sell to third parties. The average amount users are reporting is 60GB, but crapware deals change across carriers and countries, so it will be different for everyone.

Password management company Dashlane has made its mobile app code available on GitHub for public perusal, a first step it says in a broader push to make its platform more transparent. TechCrunch reports: The Dashlane Android app code is available now alongside the iOS incarnation, though it also appears to include the codebase for its Apple Watch and Mac apps even though Dashlane hasn't specifically announced that. The company said that it eventually plans to make the code for its web extension available on GitHub too. Initially, Dashlane said that it was planning to make its codebase "fully open source," but in response to a handful of questions posed by TechCrunch, it appears that won't in fact be the case.

At first, the code will be open for auditing purposes only, but in the future it may start accepting contributions too --" however, there is no suggestion that it will go all-in and allow the public to fork or otherwise re-use the code in their own applications. Dashlane has released the code under a Creative Commons Attribution-NonCommercial 4.0 license, which technically means that users are allowed to copy, share and build upon the codebase so long as it's for non-commercial purposes. However, the company said that it has stripped out some key elements from its release, effectively hamstringing what third-party developers are able to do with the code. [...]

"The main benefit of making this code public is that anyone can audit the code and understand how we build the Dashlane mobile application," the company wrote. "Customers and the curious can also explore the algorithms and logic behind password management software in general. In addition, business customers, or those who may be interested, can better meet compliance requirements by being able to review our code." On top of that, the company says that a benefit of releasing its code is to perhaps draw-in technical talent, who can inspect the code prior to an interview and perhaps share some ideas on how things could be improved. Moreover, so-called "white-hat hackers" will now be better equipped to earn bug bounties. "Transparency and trust are part of our company values, and we strive to reflect those values in everything we do," Dashlane continued. "We hope that being transparent about our code base will increase the trust customers have in our product."

An anonymous reader shares a report: Google and Microsoft don't always take pains to make sure their products work great together -- Google originally declared Microsoft's Chromium-based Edge browser "not supported" by the Google Drive web apps; Microsoft is always trying to make you use Bing -- but it looks like Google's ChromeOS will start working a bit better with the Microsoft 365 service later this year. Google says ChromeOS will add a "new integration" for Microsoft 365, making it easier to install the app and adding built-in support for OneDrive in ChromeOS' native Files app.

This should allow users to search for and access OneDrive files the same way they get to local files, or files stored in their Google Drive account. The integration will be added in "the coming months," and users in ChromeOS' dev and beta channels will be able to access it before it rolls out to all ChromeOS users later this year. ChromeOS users can currently access OneDrive and other Microsoft 365 services through their web interfaces or Android apps installed via the Google Play Store, but they don't integrate with the built-in ChromeOS Files app the way that Google Drive does. This integration will help close that gap for people who, for example, use Google products at home but Microsoft products at work or vice versa.

Kevin Systrom and Mike Krieger are back. From a report: The Instagram co-founders, who departed Facebook in 2018 amid tensions with their parent company, have formed a new venture to explore ideas for next-generation social apps. Their first product is Artifact, a personalized news feed that uses machine learning to understand your interests and will soon let you discuss those articles with friends. Artifact -- the name represents the merging of articles, facts, and artificial intelligence -- is opening up its waiting list to the public today. The company plans to let users in quickly, Systrom says. You can sign up yourself here; the app is available for both Android and iOS.

The simplest way to understand Artifact is as a kind of TikTok for text, though you might also call it Google Reader reborn as a mobile app, or maybe even a surprise attack on Twitter. The app opens to a feed of popular articles chosen from a curated list of publishers ranging from leading news organizations like the New York Times to small-scale blogs about niche topics. Tap on articles that interest you and Artifact will serve you similar posts and stories in the future, just as watching videos on TikTok's For You page tunes its algorithm over time.

An anonymous reader quotes a report from 9to5Google: At the Flutter Forward event, Google released Flutter 3.7 with more Material You widgets and menus support, while also teasing the future of the app development framework. Having grown from humble beginnings on Android and iOS, Google's Flutter SDK can now help you create apps for mobile, desktop, web, and more, all from a single Dart codebase. Since launch, over 700,000 Flutter apps have been published across various platforms.

Today in Nairobi, Kenya, the Flutter team hosted Flutter Forward, an event to connect with the growing global community of developers and showcase the future of app development. For starters, Flutter version 3.7 has now been released, bringing with it a whole host of Material 3 (Material You) widgets. To get a feel for what all is possible with the new generation of Material Design in Flutter, Google has prepared a fun web showcase that even allows you to toggle between Material Theming and Material You. You'll also find that Flutter 3.7 includes new support for creating menus for your app -- including native support for macOS menus, new cascading menu widgets, and the ability to add items to right-click/long-press context menus. The built-in text magnifier on Android and iOS also now works as expected with Flutter's text fields. You can learn more about the improvements of Flutter 3.7 in the full release blog.

Looking ahead, the Flutter team has been working for quite some time on replacing the Skia renderer with a more robust solution of its own. Currently dubbed "Impeller," Flutter's new rendering engine has made significant enough progress to now be ready for developers to test it with their iOS apps. [...] Google is also working on new ways to help Flutter apps integrate with the underlying OS or platform. [...] Meanwhile, for Flutter web apps, a new "js" library makes it easy to call your app's Dart code from the outer page's JavaScript code. Relatedly, you can now embed a Flutter view onto a page through a standard HTML div. Both of these can be seen in a fun demonstration page.

Elsewhere in Flutter web news, Google has made strides toward compiling Dart apps using WebAssembly. [...] In time, this should result in significant performance improvements for Flutter on the web. In addition to compiling to WebAssembly, the Dart team has also begun offering full support for the RISC-V architecture, with the ultimate goal of Flutter apps running on RISC-V. Another major announcement today is that Google is moving forward with its plans to release version 3.0 of the Dart programming language upon which Flutter apps are built. Dart 3.0 is available today for early alpha testing with a focus on requiring sound null safety.

To help reduce the potential for malware, Android 14 will begin fully blocking the installation of apps that target outdated versions of Android. 9to5Google reports: For years now, the guidelines for the Google Play Store have ensured that Android developers keep their apps updated to use the latest features and safety measures of the Android platform. Just this month, the guidelines were updated, requiring newly listed Play Store apps to target Android 12 at a minimum. Up to this point, these minimum API level requirements have only applied to apps that are intended for the Google Play Store. Should a developer wish to create an app for an older version, they can do so and simply ask their users to sideload the APK file manually. Similarly, if an Android app hasn't been updated since the guidelines changed, the Play Store will continue serving the app to those who have installed it once before.

According to a newly posted code change, Android 14 is set to make API requirements stricter, entirely blocking the installation of outdated apps. This change would block users from sideloading specific APK files and also block app stores from installing those same apps. Initially, Android 14 devices will only block apps that target especially old Android versions. Over time though, the plan is to increase the threshold to Android 6.0 (Marshmallow), with Google having a mechanism to "progressively ramp [it] up." That said, it will likely still be up to each device maker to decide the threshold for outdated apps or whether to enable it at all. The report notes that it'll still be possible to install an outdated version of an app "through a command shell, by using a new flag."

An anonymous reader shares a report: It seems Google is feeling the heat from OpenAI's ChatGPT. The artificial intelligence-powered chatbot has taken the tech world by storm over the last couple months, as it can provide users with information they're looking for in an easy-to-understand format. Google sees ChatGPT as a threat to its search business and has shifted plans accordingly over the last several weeks, according to The New York Times. The report claims CEO Sundar Pichai has declared a "code red" and accelerated AI development. Google is reportedly preparing to show off at least 20 AI-powered products and a chatbot for its search engine this year, with at least some set to debut at its I/O conference in May.

According to a slide deck viewed by the Times, among the AI projects Google is working on are an image generation tool, an upgraded version of AI Test Kitchen (an app used to test prototypes), a TikTok-style green screen mode for YouTube and a tool that can generate videos to summarize other clips. Also in the pipeline are a feature titled Shopping Try-on (perhaps akin to one Amazon has been developing), a wallpaper creator for Pixel phones and AI-driven tools that could make it easier for developers to create Android apps. Pichai reportedly brought in Google founders Larry Page and Sergey Brin last month to meet with current leaders, review AI plans and offer input. The duo hasn't had much day-to-day involvement with the company since 2019, as they're focusing on other projects.

Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy "no other chat service" can offer. From a report: Despite the unusually strong claims and two independent security audits Threema has received, the researchers said the flaws completely undermine assurances of confidentiality and authentication that are the cornerstone of any program sold as providing end-to-end encryption, typically abbreviated as E2EE. Threema has more than 10 million users, which include the Swiss government, the Swiss army, German Chancellor Olaf Scholz, and other politicians in that country. Threema developers advertise it as a more secure alternative to Meta's WhatsApp messenger. It's among the top Android apps for a fee-based category in Switzerland, Germany, Austria, Canada, and Australia. The app uses a custom-designed encryption protocol in contravention of established cryptographic norms.

Researchers from the Zurich-based ETH research university reported on Monday that they found seven vulnerabilities in Threema that seriously call into question the true level of security the app has offered over the years. Two of the vulnerabilities require no special access to a Threema server or app to cryptographically impersonate a user. Three vulnerabilities require an attacker to gain access to a Threema server. The remaining two can be exploited when an attacker gains access to an unlocked phone, such as at a border crossing. "In totality, our attacks seriously undermine Threema's security claims," the researchers wrote. "All the attacks can be mitigated, but in some cases, a major redesign is needed."

An anonymous reader quotes a report from Ars Technica: Google's keynote at the RISC-V Summit was all about bold proclamations [...]. Lars Bergstrom, Android's director of engineering, wants RISC-V to be seen as a "tier-1 platform" in Android, which would put it on par with Arm. That's a big change from just six months ago. Bergstrom says getting optimized Android builds on RISC-V will take "a lot of work" and outlined a roadmap that will take "a few years" to come to fruition, but AOSP started to land official RISC-V patches back in September. The build system is up and running, and anyone can grab the latest "riscv64" branch whenever they want -- and yes, in line with its recent Arm work, Google wants RISC-V on Android to be 64-bit only. For now, the most you can get is a command line, and Bergstrom's slide promised "initial emulator support by the start of 2023, with Android RunTime (ART) support for Java workloads following during Q1."

One of Bergstrom's slides featured the above "to-do" list, which included a ton of major Android components. Unlike Android's unpolished support for x86, Bergstrom promised a real push for quality with RISC-V, saying, "We need to do all of the work to move from a prototype and something that runs to something that's really singing -- that's showing off the best-in-class processors that [RISC-V International Chairman Krste Asanovic] was mentioning in the previous talk." Once Google does get Android up and running on RISC-V, then it will be up to manufacturers and the app ecosystem to back the platform. What's fun about the Android RunTime is that when ART supports RISC-V, a big chunk of the Android app ecosystem will come with it. Android apps ship as Java code, and the way that becomes an ARM app is when the Android Runtime compiles it into ARM code. Instead, it will soon compile into RISC-V code with no extra work from the developer. Native code that isn't written in Java, like games and component libraries, will need to be ported over, but starting with Java code is a big jump-start.

In her opening remarks, RISC-V International (the nonprofit company that owns the architecture) CEO Calista Redmond argued that "RISC-V is inevitable" thanks to the open business model and wave of open chip design that it can create, and it's getting hard to argue against that. While the show was mostly about the advantages of RISC-V, I want to add that the biggest reason RISC-V seems inevitable is that current CPU front-runner Arm has become an unstable, volatile company, and it feels like any viable alternative would have a good shot at success right now. [...] The other reason to kick Arm to the curb is the US-China trade war, specifically that Chinese companies (and the Chinese government) would really like to distance themselves from Western technology. [...] RISC-V is seen as a way to be less reliant on the West. While the project started at UC Berkeley, RISC-V International says the open source architecture is not subject to US export law. In 2019, the RISC-V Foundation actually moved from the US to Switzerland and became "RISC-V International," all to try to avoid picking a side in the US-China trade war. The result is that Chinese tech companies are rallying around RISC-V as the future chip architecture. One Chinese company hit by US export restrictions, the e-commerce giant Alibaba, has been the leading force in bringing RISC-V support to Android, and with Chinese companies playing a huge part in the Android ecosystem, it makes sense that Google would throw open the doors for official support. Now we just need someone to build a phone.

Google has told a tribunal in India that the country's antitrust investigators copied parts of a European ruling against the U.S. firm for abusing the market dominance of its Android operating system, arguing the decision be quashed, legal papers show. From a report: The Competition Commission of India (CCI) in October fined Alphabet's Google $161 million for exploiting its dominant position in markets such as online search and the Android app store, and asked it to change restrictions imposed on smartphone makers related to pre-installing apps.

In its filing to an Indian appeals tribunal, Google argues the CCI's investigation unit "copy-pasted extensively from a European Commission decision, deploying evidence from Europe that was not examined in India." "There are more than 50 instances of copypasting," in some cases "word-for-word," and the watchdog erroneously dismissed the issue, Google said in its filing which is not public but has been reviewed by Reuters. "The Commission failed to conduct an impartial, balanced, and legally sound investigation ... Google's mobile app distribution practices are pro-competitive and not unfair/ exclusionary."

The time has come: Dark Sky, the (mostly) beloved weather app for iOS is going to stop working on January 1st, according to in-app warnings. From a report: The sunsetting has been in the forecast for a while -- Apple announced it was planning on shutting down the service last year after acquiring it in 2020, and it removed Dark Sky from the App Store a few months ago, according to 9to5Mac. But if you've been putting off finding a new weather app, now's the time to finally get around to it. As for what alternatives iPhone users have available (the Android app was axed in 2020), perhaps the most obvious is Apple's own built-in Weather app. The company even has a support document titled "How Dark Sky users can use the Apple Weather app," which talks about how features from the former have been added to the later. Further reading: The World's Best Terrible Weather App.

Google has announced that it's adding a red "suspected spam caller" warning to Google Voice calls if it doesn't think they're legitimate. From a report: In a post on Thursday, the company says it's identifying spam "using the same advanced artificial intelligence" system as it does with its traditional phone app for Android. If the spam label appears, you'll also have the option of confirming that a call was spam -- in which case any future calls will be sent straight to your voicemail -- or clarifying that it wasn't, which will get rid of the label for future calls.

Google Voice has had the ability to automatically filter calls identified as spam to voicemail for years, and has also allowed you to screen calls before actually picking them up, but those options may not have been great if you're the type of person who gets a lot of important calls from unknown numbers. Google does say that you'll have to turn off the Filter Spam feature by going to Settings > Security > Filter spam if you want the automatic spam labeling.

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges. From a report: The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log in to the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defenses. ThreatFabric first discovered Godfather in March 2021, but it has undergone massive code upgrades and improvements since then. Also, Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play.

Tumblr is adding support for livestreaming via the video platform Livebox. The Verge reports: Tumblr has supported streaming in the past, but it did so by letting people share streams from other services like YouNow and YouTube. The new option is described as a native Tumblr streaming service powered by Livebox. (Livebox is operated by the Meet Group, a subsidiary of the dating app company ParshipMeet Group.) Livebox allows users to tip streamers, and by the same token, Tumblr will let you pay creators in a virtual currency called "Diamonds." Livebox provides AI- and human-powered moderation for streams, according to a press release; the service also lets streamers designate trusted viewers as moderators. The streaming service is so far only supported for people's primary Tumblr blog, not any side blogs under the same account.

The feature is being rolled out to US users on iOS and Android now, and a release for global users and the desktop site is planned for the future. More details are outlined in a blog post, which dubs the service Tumblr Live.

A little-known phone monitoring app called Xnspy has stolen data from tens of thousands of iPhones and Android devices, the majority whose owners are unaware that their data has been compromised. From a report: Xnspy is one of many so-called stalkerware apps sold under the guise of allowing a parent to monitor their child's activities, but are explicitly marketed for spying on a spouse or domestic partner's devices without their permission. Its website boasts, "to catch a cheating spouse, you need Xnspy on your side," and, "Xnspy makes reporting and data extraction simple for you."

Stalkerware apps, also known as spouseware, are surreptitiously planted by someone with physical access to a person's phone, bypassing the on-device security protections, and are designed to stay hidden from home screens, which makes them difficult to detect. Once installed, these apps will silently and continually upload the contents of a person's phone, including their call records, text messages, photos, browsing history and precise location data, allowing the person who planted the app near-complete access to their victim's data. But new findings show many stalkerware apps are riddled with security flaws and are exposing the data stolen from victims' phones. Xnspy is no different.

Lukasz Siewierski, a member of Google's Android Security Team, has a post on the Android Partner Vulnerability Initiative (AVPI) issue tracker detailing leaked platform certificate keys that are actively being used to sign malware. From a report: The post is just a list of the keys, but running each one through APKMirror or Google's VirusTotal site will put names to some of the compromised keys: Samsung, LG, and Mediatek are the heavy hitters on the list of leaked keys, along with some smaller OEMs like Revoview and Szroco, which makes Walmart's Onn tablets. [...] Esper Senior Technical Editor Mishaal Rahman, as always, has been posting great info about this on Twitter. As he explains, having an app grab the same UID as the Android system isn't quite root access, but it's close and allows an app to break out of whatever limited sandboxing exists for system apps. These apps can directly communicate with (or, in the case of malware, spy on) other apps across your phone. Imagine a more evil version of Google Play Services, and you get the idea.

For the last thirteen years the Free Software Foundation has published its Ethical Tech Giving Guide, notes a recent FSF blog post. "The right to determine what a device you've purchased does or doesn't do is something too valuable to lose."

Or, as they put it in the guide: It's time to reclaim our freedom from the abuse of multinational corporations, who use proprietary software and malicious "antifeatures" to keep us powerless, dependent, and surveilled by the devices that we use. There's no time at which it's more important to turn these unfortunate facts into positive action than the holiday season.

The gifts that we recommend here might not be making headlines, but they're the rare exception to the apparent rule that devices should mistreat their users.
For technical users, the guide recommends pairing the FSF-sponsored Replicant, a fully-free distribution of Android, with the F-Droid app repository, which has hundreds of applications including Syncthing, Tor, Minetest, and Termux.

They also praise the X200 laptop, "one of the few home user devices that's able to run fully free software from top to bottom." With easy-to-repair hardware, it's the laptop most frequently used in the FSF's own office — just one of several freedom-respecting devices from Vikings. And there's shout-outs to MNT's Reform laptop, products from PINE64 and Purism, plus a freedom-respecting VPN, and a mini wifi adapter .

The guide even recommends places to buy DRM-free ebooks, including No Starch Press, Smashwords, Leanpub, Standard Ebooks, Nantucket E-Books, Libreture (which also offers a storage solution). Meanwhile for print books, there's the Gnu Press Shop

And it also recommends sources for DRM-free music (including Bandcamp, Emusic, the Smithsonian Institute's Folkways, the classic punk label Dischord, HDTracks, and Mutopia).

And it also tells you where to find free (as in freedom) films...

An anonymous reader quotes a report from Ars Technica: Google announced that Android's space-saving app file format, Android App Bundles (AABs), will finally be the standard on Android TV. By May 2023 -- that's in six months -- Google will require all Android TV apps to switch to the new file format, which can cut down on app storage requirements by 20 percent.

Android App Bundles were announced with Android 9 in 2018 as a way to save device storage by breaking an app up into modules, rather than one big monolithic APK (the old Android app format) with every possible piece of data. Android apps support a ton of different languages, display resolutions, and CPU architectures, but each individual device only needs to cherry-pick a few of those options to work. Android App Bundles integrate with the Play Store to create a dynamic delivery system for each module. Your phone communicates which modules it needs to the Play Store, and Google's servers bundled up an appropriate package and sent it to your device. It's even possible for developers to move some lesser-used app functionality into a bundle that can be downloaded on the fly if a user needs it. [...]

Google says Android App Bundles average around a 20 percent space savings compared to a monolithic APK, which will be a huge help for these storage-starved devices. Since 2021, they have been the required standard for phones and tablets, and in six months, TV apps will be required to use them, too. Developers who don't switch in time will have their TV apps hidden from search, so they'd better get to work! Google estimates that "in most cases it will take one engineer about three days to migrate."