Saturday, November 9, 2024

Google Warns Millions Of Android Users—Do Not Install These Apps

Must read

Make no mistake—Google is bringing Android closer to iPhone. Hardcore members of the Android fan club may not like it when I point this out, but that doesn’t make it less true. That doesn’t mean Android isn’t innovative or that iPhone doesn’t take inspiration from that; what it does mean is that when it comes to security, Android is scaling the mountain that has long been the great divide between the two ecosystems.

And so it is with the a new warning that is about to start hitting millions of phones, as the latest update to the core Play platform that underpins Android goes live. This brings a further clampdown on sideloading and the gaping security holes which this breaches in Android devices worldwide.

As Android Authority explains, “the Google Play Integrity API lets apps check whether your account is ‘unlicensed’, meaning you didn’t install or buy the app from Google Play. More importantly, the app can then show a remediation dialog that tells you they have to download the app from Google Play to continue using it.”

The change means apps can check that Play Protect is running on a device, which is increasingly being presented as the primary defense for Android users against the scourge of malware that continues to plague devices. Apps can check the integrity of a device and an installation at any time, with the assumption being this will be on installation, launch and likely when sensitive transactions take place.

This change was previewed during May’s Google I/O, with the company explaining that developers can “call the Integrity API at important moments in your app to check that user actions and requests are coming from your unmodified app binary, installed by Google Play, running on a genuine Android device.” According to Android Authority, this “is already being used by some games to block sideloading.”

If the Integrity API flags, a user will be warned that the app is an “unrecognized version,” and that it “will be removed, along with any associated data.” Google is taking this update seriously as it tightens the defenses around Play; not only does it prevent users bypassing these warnings, but it also flags non-Play installations to app developers, such that they can then decide whether to continue to allow access.

Add this to the other security upgrades coming with Android 15, and it’s clear the stable door is finally being bolted. “It’s going to become harder and harder for power users to justify rooting Android.,” says Android Authority. “At the same time, regular users will be better protected from potentially risky and fraudulent interactions.”

This latest news follows Samsung’s even firmer clampdown on sideloading, with its decision to default to maximum restrictions on its devices. The challenge for the hardcore Android user base will be striking the right balance, enabling looser than iPhone behaviors while protecting the vast majority off everyday users. And while Android warnings continue to pop up monthly, especially regarding non Play Store installs, it’s clear this is much needed and long overdue.

The expectation is now that ever more apps will adopt Play Integrity, which Android Authority reports “is already used by numerous popular apps on Google Play, including Stripe, Uber, and TikTok.”

ForbesMicrosoft Reveals Bad News For 70% Of Windows Users—Upgrade Warning Gets Worse

Shifting more fully to Play Store isn’t a magic bullet, with plenty of examples of malicious apps lurking there as well. But it’s materially safer than any third-party store or direct install. Its defenses are also being shored up by two new Google innovations of note, all of which combines to change the game for Android users.

First is Google’s plan to cull low-quality apps from Play Store, which should raise the bar materially and cut out much of the vacuous content littering users’ phones. Second is the introduction of live threat detection with Android 15, utilizing on-device AI to flag app behaviors that might be indicative of malware or other threats.

All told, it’s a brave new world for Android. But as for whether it can genuinely bridge the security and privacy gap to iPhone—watch this space…

Latest article