Android malware has been making the headlines lately, particularly with the swathe of fake Fortnite apps that were available for download. Google is looking to combat these fake apps by introducing anti-tamper DRM to apps downloaded from places other than the Play Store.
Google announced this change via their Android Developers Blog. The blog states that Google will now start adding a small amount of security metadata to APKs. This metadata allows for verification of whether the app came from the Play Store or was tampered with.
Google says the biggest reason for this change is the ability to check for authenticity, even when offline, citing countries where peer-to-peer app sharing is a common practice. When online, the app will automatically be added to the user’s library and work as though it was installed directly from the Play Store.
This is a boon for developers because they can now distribute their own app through other channels than the Play Store, and still easily allow users to confirm the legitimacy of the app.
KitGuru Says: This is a good move by Google to help keep Android users safe. APK sharing is a big thing, and easy verification makes it a lot easier to stamp down on malware-ridden apps. What do you make of these changes?