Google reports that 80% of applications encrypt traffic by default

This week, Google reported about its success in adopting the HTTPS standard: 80% of applications encrypt traffic by default.

“Today, we’re happy to announce that 80% of Android apps are encrypting traffic by default. The percentage is even greater for apps targeting Android 9 and higher, with 90% of them encrypting traffic by default”, — posted by Bram Bonné, Senior Software Engineer, Android Platform Security & Chad Brubaker, Staff Software Engineer, Android Platform Security.

In fact, this means that once the traffic is encrypted, it cannot be intercepted or read by third parties.

In the case of applications developed for the latest versions of Android, this percentage is even higher. So, the company claims that 90% of applications written for Android 9 and higher encrypt traffic by default.

Read also: The influence of mining malware declined by almost 70% during 2019

Google reports that for apps targeting Android 9 and higher, the out-of-the-box default is to encrypt all network traffic in transit and trust only certificates issued by an authority in the standard Android CA set without requiring any extra configuration. Apps can provide an exception to this only by including a separate Network Security Config file with carefully selected exceptions.

Recall that starting since November 1, 2019, the company demanded that all applications on Google Play, including new ones and updates for existing ones, be oriented to Android 9 and higher. Google believes that this will also have a positive impact, and the pace of TLS implementation will only continue to grow.

“Since November 1 2019, all app (updates as well as all new apps on Google Play) must target at least Android 9. As a result, we expect these numbers to continue improving. Network traffic from these apps is secure by default and any use of unencrypted connections is the result of an explicit choice by the developer”, — writes Bram Bonné and Chad Brubaker in Google blog.