Monday, December 23, 2024

Google’s beefing up Android app security, but not everyone’s going to be happy

Must read

Mishaal Rahman / Android Authority

TL;DR

  • Play Integrity is getting some upgrades that promise faster, more secure device attestation.
  • The new verdicts are opt-in for devs right now, but will be widely deployed in 2025.
  • While this is good news for average users, custom ROM and sideloading enthusiasts may run into trouble.

With as complex as modern software is, getting security right can be an extremely delicate balancing act. Obviously, no security at all results in a Wild West situation where it’s all too easy for malware to ruin your day. But on the flip side, overly cumbersome security can lead down a road where app functionality is negatively impacted. On Android, Google offers developers the use of its Play Integrity API to securely verify the environment apps run in. Google’s now got some new Play Integrity upgrades incoming, and while this is generally good news for most of us, it’s likely to cause some headaches for others.

Play Integrity gives Android apps powerful tools to only operate under their own terms. That means that apps can make sure your phone’s not rooted, for instance, or that you’re not running a custom ROM. For years now, there’s been a back-and-forth between devs and users who are interested in pushing these boundaries, as the users find new ways to spoof attestation checks and convince apps to run where devs don’t want them to. But with the changes Google’s making to the Play Integrity API, the company says that spoofing will now be harder than ever.

There are also consequences for users who like to sideload apps, even when running on otherwise unmodified Android handsets. Play Integrity has introduced a check to make sure that apps were installed through the Play Store, and Google expects to see more apps fail this check with Play Integrity’s upgrades.

All that said, if you’re not on a custom ROM, don’t care about root, don’t sideload apps, and just want to continue enjoying Android like a “normal” user, this is only going to be good news for you. The vast majority of these changes won’t be visible to you at all, and really all you could expect is that apps will be ever so slightly faster, as Google reduces API latency. You might find yourself running into more situations where an app protests because your phone hasn’t gotten a security update in over a year — but maybe that’s your cue to move to a better-supported handset, anyway.

Developers are able to start using the new system right now by opting in. New integrations will use them by default, and in May 2025 Google will push everyone over to the new verdicts.

Got a tip? Talk to us! Email our staff at news@androidauthority.com. You can stay anonymous or get credit for the info, it’s your choice.

Latest article