Android is changing—and fast.
Updated September 13 with details of new Android trojan warning.
Make no mistake—Google is bringing Android closer to iPhone. Hardcore members of the Android fan club may not like it when I point this out, but that doesn’t make it less true. That doesn’t mean Android isn’t innovative or that iPhone doesn’t take inspiration from that; what it does mean is that when it comes to security, Android is scaling the mountain that has long been the great divide between the two ecosystems.
And so it is with the a new warning that is about to start hitting millions of phones, as the latest update to the core Play platform that underpins Android goes live. This brings a further clampdown on sideloading and the gaping security holes which this breaches in Android devices worldwide.
As Android Authority explains, “the Google Play Integrity API lets apps check whether your account is ‘unlicensed’, meaning you didn’t install or buy the app from Google Play. More importantly, the app can then show a remediation dialog that tells you they have to download the app from Google Play to continue using it.”
The change means apps can check that Play Protect is running on a device, which is increasingly being presented as the primary defense for Android users against the scourge of malware that continues to plague devices. Apps can check the integrity of a device and an installation at any time, with the assumption being this will be on installation, launch and likely when sensitive transactions take place.
This change was previewed during May’s Google I/O, with the company explaining that developers can “call the Integrity API at important moments in your app to check that user actions and requests are coming from your unmodified app binary, installed by Google Play, running on a genuine Android device.” According to Android Authority, this “is already being used by some games to block sideloading.”
Play Store clamps down even harder on sideloading
If the Integrity API flags, a user will be warned that the app is an “unrecognized version,” and that it “will be removed, along with any associated data.” Google is taking this update seriously as it tightens the defenses around Play; not only does it prevent users bypassing these warnings, but it also flags non-Play installations to app developers, such that they can then decide whether to continue to allow access.
Add this to the other security upgrades coming with Android 15, and it’s clear the stable door is finally being bolted. “It’s going to become harder and harder for power users to justify rooting Android.,” says Android Authority. “At the same time, regular users will be better protected from potentially risky and fraudulent interactions.”
This latest news follows Samsung’s even firmer clampdown on sideloading, with its decision to default to maximum restrictions on its devices. The challenge for the hardcore Android user base will be striking the right balance, enabling looser than iPhone behaviors while protecting the vast majority off everyday users. And while Android warnings continue to pop up monthly, especially regarding non Play Store installs, it’s clear this is much needed and long overdue.
The expectation is now that ever more apps will adopt Play Integrity, which Android Authority reports “is already used by numerous popular apps on Google Play, including Stripe, Uber, and TikTok.”
With perfect timing, a new report from Group-IB has just highlighted the risk of installing apps from outside Play Store. Their analysis of the Ajina malware “reveals intensive attempts to utilize messaging platforms, including Telegram, as a channel for disseminating malicious samples. Ajina orchestrated a widespread campaign by creating numerous Telegram accounts, leveraging these accounts to disseminate malware within regional community chats. Evidence suggests that this distribution process may have been partially automated, allowing for a more efficient and far-reaching spread of the malicious software.”
The level of sophistication here was marked, with giveaways and rewards offered in local Telegram chats, with some of those lures disguised as coming from legitimate sources. This typical banker malware, once installed, was intended to steal SMS codes and credentials. the objective was simple financial gain. And it worked.
We have seen several campaigns that have disguised malware behind apparently legitimate app installs and updates, which is why this latest move from Google is critical, enabling developers to attest to the legitimacy of each download.
While we all bat away countless, crude phishing and smishing attempts weekly, the tip of that ugly iceberg is much smarter and more cleverly deployed. “To enhance their deception,” Group-IB says, “Ajina crafted messages and sent links and files to lure unsuspecting users. The malware is often disguised as legitimate banking, government, or everyday utility applications, designed to exploit the trust users placed in these essential services in order to maximize infection rates and entice people to download and run the malicious file, thereby compromising their devices.”
Even through this malware was not distributed through Google’s own channels or the Play Store, its Play Protect service will defend users against the threat. But there’s an obvious game of cat and mouse, with bad actors deploying ever more sophisticated lures and deceptive malware to evade the defenses until caught.
Shifting more fully to Play Store isn’t a magic bullet, with plenty of examples of malicious apps lurking there as well. But it’s materially safer than any third-party store or direct install. Its defenses are also being shored up by two new Google innovations of note, all of which combines to change the game for Android users.
First is Google’s plan to cull low-quality apps from Play Store, which should raise the bar materially and cut out much of the vacuous content littering users’ phones. Second is the introduction of live threat detection with Android 15, utilizing on-device AI to flag app behaviors that might be indicative of malware or other threats.
All told, it’s a brave new world for Android. But as for whether it can genuinely bridge the security and privacy gap to iPhone—watch this space…