Google: 80% of Android apps encrypt traffic by default

Google’s work to tighten up protection of network traffic from Android devices to web services that began three years ago is finally paying off.    

In 2016, Google gave Android app developers the tools to ensure traffic from apps were encrypted over the Transport Layer Security protocol, which enables the secure version of HTTP communications known as HTTPS or HTTP ‘secure’. 

Google considers the security feature especially important for mobile apps because of how frequently smartphones connect to untrusted wifi networks, such as at cafes and airports. But progress has been slow. 

That same year Apple introduced App Transport Security, which would be mandatory from January 1, 2017 and forces iOS apps that connect to web services do so over an HTTPS connection. It was enabled by default in iOS 9

But as Google revealed today, at the beginning of 2018, 0% of apps were blocking cleartext communications by default. The good news is that the figure steadily climbed over the past year and reached 40% in May 2019, which was an inflection point that saw the default behavior to accelerate and reach 80% by October 2019.