At Google’s annual Playtime developer event in Berlin and San Francisco, the company made a series of Google Play announcements. In terms of momentum, Vineet Buch, Google Play’s director of product management, shared that the number of developers making over $1 million per month on Google Play has grown by more than 30 percent since the beginning of the year. Buch also added that Google Play now sees more than 8 billion new installs per month globally (this excludes preinstalled apps). In short, Google wants developers to know the Play store is doing well and that it’s continuing to invest in the ecosystem.

Google Play has over 1 billion monthly active users, which the company argues makes it “the world’s largest app distribution platform.” Last year, Google Play users installed apps 82 billion times, so if the 8 billion monthly figure holds, the store will surpass its previous record in 2017.

Google is adding new Google Play and Google Play Console features to help developers track and improve app quality as well as test their apps. Here’s the rundown:

  • The revamped Editors’ Choice section is now live in 17 countries and Android Excellence recently welcomed new apps and games.
  • The improved home for games features trailers and screenshots of gameplay. Two new browse destinations are coming soon — Premium (for paid games) and New (for upcoming and trending games).
  • The new Try it Now button for Android Instant Apps on store listings lets you jump into the app experience without installing. Google started testing the apps in January and opened the SDK to all developers in May.
  • Android vitals, introduced at Google’s I/O 2017 developer conference, are already used by 65 percent of top developers. Five new Android vitals are being added today, and device coverage has been increased to help address issues relating to battery consumption, crashes, and render time.
  • Pre-launch reports are being enabled for all developers with no need to opt-in, informing about crashes, display issues, security vulnerabilities, and now, performance issues. When you upload an alpha or beta APK, your app will be tested on popular devices powered by Firebase Test Lab.
  • A new Google Play policy now disallows apps and games which consistently exhibit broken experiences on the majority of devices such as crashing, closing, freezing, or otherwise functioning abnormally.
  • You can now target alpha and beta tests to specific countries, and country-targeting is coming to staged rollouts soon.
  • The device catalog, used by over 66 percent of top developers according to Google, now lets you save device searches and see why a specific device doesn’t support your app.
  • Google can now help manage your subscription service with the Play Billing Library and new test instruments to test your flows for successful and unsuccessful payments.
  • You can also now offer shorter free trials, at a minimum of three days, and Google Play will now enforce one free trial at the app level to reduce the potential for abuse. You can opt-in to receive notifications when users cancel their subscription, it’s easier for users to restore a canceled subscription, and you can block access to your service while a user fixes renewal payment issues.
  • Starting in January 2018, Google is reducing its transaction fee from 30 percent to 15 percent for subscribers who are retained for more than 12 months.
  • The new Google Play Security Reward Program is supposed to incentivize security researchers to find vulnerabilities in popular Android apps, including Google’s own apps. The program will notify developers with security recommendations and how to fix them.

The last point deserves more detail. Google wants to proactively improve security in the Google Play ecosystem by trying the mimic the success it has seen with its own bug bounty programs. The program is a partnership with HackerOne, a vulnerability identification platform that helps connect security-conscious businesses with bug hunters.

Google expects the flow will work something like this: A security researcher identifies a vulnerability within an app participating in the program and reports it directly to the app’s developer. The two work together to resolve the vulnerability. Once the security hole has been plugged, the researcher submits a report to the Google Play Security Reward Program, and the Android Security team issues a reward to the researcher.

Google promises rewards of $1,000 that meet its vulnerability criteria, but notes all reward decisions are ultimately at the discretion of the Google Play Security Reward Program. Vulnerabilities in the scope include:

  • Attacker gaining full control, meaning code can be downloaded from the network and executed (download and execute arbitrary code, native, Java code etc. JavaScript)
  • UI Manipulation to commit a transaction. For example, causing a banking app to make money transfers on behalf of the user without their consent.
  • Opening of webview that may lead to phishing attacks. Opening webview without user input or interaction.

Google’s message to developers remains unchanged: We want to help grow your business because it will help grow our business. The list of updates above shows the company is not messing around.

Google today also released a new State of Play 2017 report that will be updated annually to help developers stay informed about the app store’s progress. If you kept up with the news at I/O 2017, there’s not much new in there, but it’s still a solid summary for those who want to catch up.