Thursday, September 19, 2024

Google is making it easier for Android apps to detect and block sideloading


Key Takeaways

  • The Play Integrity API will make sideloading apps harder in order to protect users and prevent abuse.
  • Developers can use a variety of parameters to determine an app’s legitimacy.
  • Google’s continued focus on security may eventually limit customizations in Android.



Android has seen a lot of changes over the past few years, with Google managing to put security, privacy, and AI at the forefront of its recent efforts. And while most of the changes are welcome, some would argue that Android is slowly losing its core identity as an OS that’s truly customizable. Of course, that seems to be a cost that Google is willing to pay as it tries to put Android into the hands of more and more consumers over the next decade. With that said, sideloading apps has pretty much always been a thing with Android, giving users the ability to download and install applications from a source outside the Google Play Store.


There are many reasons that a user would go this route, but the flip side of sideloading is that it can be unsafe if you don’t know what you’re doing, and at worst it can tamper not only with the experience of the app, but with Android as a whole. So, from a developer’s perspective, there are a number of great reasons why they wouldn’t want a user to download an app that isn’t from a legitimate source. And while there are some buffers in place to prevent sideloaded apps from being installed, users can now just bypass them. But it looks like things could change in the near future, as Android’s Play Integrity API is set to bring new hurdles for those who want to sideload apps.



The news comes from Mishaal Rahman of Android Authority, who explored how the Play Integrity API will protect users and prevent sideloading, which has been relatively easy in the past. The API does a lot of heavy lifting to ensure that installed apps come from a genuine source, and if it detects a modified version of the app or sees some unusual behavior, then the API can take action in order to prevent issues or “reduce abuse.” Of course, while this may sound quite simple, there are a number of ways that the API checks an app in order to ensure that it’s legitimate.


Google lists how this API works in full on its developer website, giving a concise break-down of how it processes information and determines what’s genuine and what isn’t. Developers can make use of a number of parameters like “check that it happened in your genuine app binary, installed by Google Play, running on a genuine Android device.” Things can be taken even further as well, with developers adding more data points like “volume of requests a device had made recently and signals about the environment, including the app access risk verdict and the Play Protect verdict.”

And as you can imagine, if there are any red flags within these parameters, a decision can be made on how to handle the situation depending on the severity of the infraction, addressing “abuse, fraud, misuse, cheating, unauthorized access, and attacks.” Naturally, it falls to developers to decide how best to use this data and take action. Rahman includes an example of how a prompt works when there is an issue with the integrity verdict. In this example, the dialog simply asks the user to download the app from the Play Store, immediately rectifying the problem.
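To make the decision step above concrete, here is an added example (not code from Google, Android Authority, or this article) of a backend policy applied to an already decrypted integrity verdict. The field and enum names follow Google's published verdict format for classic requests; `EXPECTED_PACKAGE`, the action strings, `evaluate_verdict()`, the policy choices, and the sample verdict are assumptions constructed for illustration.

```python
from __future__ import annotations

EXPECTED_PACKAGE = "com.example.app"         # placeholder package name
ALLOW = "allow"
PROMPT_PLAY_INSTALL = "prompt_play_install"  # show the "get this app from Play" dialog
DENY = "deny"

def evaluate_verdict(verdict: dict, expected_nonce: str) -> tuple[str, list[str]]:
    """Map a decoded verdict to (action, reasons); missing fields fail closed."""
    request = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    device = verdict.get("deviceIntegrity", {})
    account = verdict.get("accountDetails", {})
    env = verdict.get("environmentDetails", {})

    # Bind the verdict to this request and this app so it cannot be replayed.
    if request.get("nonce") != expected_nonce:
        return DENY, ["nonce mismatch"]
    if request.get("requestPackageName") != EXPECTED_PACKAGE:
        return DENY, ["unexpected package"]

    # Environment problems cannot be fixed by reinstalling, so deny (example policy).
    reasons = []
    if "MEETS_DEVICE_INTEGRITY" not in device.get("deviceRecognitionVerdict", []):
        reasons.append("device integrity not met")
    if env.get("playProtectVerdict") in ("MEDIUM_RISK", "HIGH_RISK"):
        reasons.append("Play Protect reports risky apps")
    if reasons:
        return DENY, reasons

    # A modified or sideloaded copy on a sound device: steer the user back to Play.
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("binary not recognized by Play")
    if account.get("appLicensingVerdict") != "LICENSED":
        reasons.append("not installed from Play by this account")
    return (PROMPT_PLAY_INSTALL, reasons) if reasons else (ALLOW, [])

# Constructed sample: a sideloaded copy running on an otherwise healthy device.
SAMPLE_SIDELOADED = {
    "requestDetails": {"requestPackageName": EXPECTED_PACKAGE, "nonce": "nonce-123"},
    "appIntegrity": {"appRecognitionVerdict": "UNRECOGNIZED_VERSION"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "UNLICENSED"},
    "environmentDetails": {"playProtectVerdict": "NO_ISSUES"},
}

if __name__ == "__main__":
    print(evaluate_verdict(SAMPLE_SIDELOADED, "nonce-123"))
```

The verdict must be decrypted and evaluated on the developer's server, since a check performed inside a tampered app binary can itself be patched out.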


While there have been ways in the past to detect issues with apps installed on Android devices, this new way makes it easier for developers to check and also take action against offending apps and their users. Google has already implemented ways to move users from sideloaded apps to official ones, and this is naturally just going to progress even further as time goes on. And as this feature and other security features progress, they are going to slowly close the window even more on the customization that Android used to be known for. But it’s clear that Google is ready to move forward, shedding its old skin, as Android is no longer an OS for tinkerers and is now aimed at capturing the mass market.
