Skip to main content
Sign in

Recommended minimum Android SDK version

OMA Support
  • Updated
Recommended minimum SDK version for Android projects

Are you unsure of which minimum supported Android version to choose for your project?

Choosing the right minimum SDK version is critical for achieving a balance between device coverage and development time, taking also security into consideration. While device coverage is an important factor to consider when deciding the minimum version, keep in mind that the lower the version of your minimum SDK, the more time you will need to spend on maintaining your codebase and ensuring that it's compatible with all the different versions of the SDK. 

At OMA, we recommend to set minSdkVersion to at least API level 24 (Android 7), for security reasons. This is because when an app is compatible with Android 5 or 6 (minSdkVersion = 21 or 23), it has to be signed with the V1 signature scheme, which is unreliable because it allows certain parts of the app to be modified without affecting the signature. These apps are also exposed to the Janus vulnerability on Android 5 and 6 devices that have not been patched with the Android Security Patch 2017 December 01.

Each new version of the Android SDK is introducing security and data privacy protection improvements. Moreover no more security updates are delivered for a given version of Android after a few years. Security analysis tools like MobSF recommend to set the minSdkVersion to API level 29 (Android 10), for the following reasons:

 

Additional resources

Recommended minimum SDK version for Android projects

MASTG-BEST-0010: Use Up-to-Date minSdkVersion - OWASP Mobile Application Security

Android version history - Wikipedia

Android Security and Update Bulletins  |  Android Open Source Project

 


 

Related articles

Comments

0 comments

Article is closed for comments.