Google adds protection against modifications in Play Store apps
Google is going to add security code to applications in the Play Store. That should help confirm that applications are authentic, especially if they are distributed through distribution channels outside the Play Store.
The internet giant explains this in a blog post, mentioning ‘security metadata’, which is added to Play Store apps. The extra code is added to the apk installation files and is intended to help developers distribute applications outside of the Play Store. With the inserted code, Android checks whether the application is authentic when installed and if that is the case, it will be added to the Play Store library and the app can be updated. Developers don’t have to do anything themselves; the code is added to the digital signing process that apps must undergo.
Google points out that alternative application distribution channels are used in some countries. For example, in countries where large data bundles are less common, peer-to-peer channels are often used. With the security code that checks whether the apps correspond to the Play Store version, users can still safely use alternative channels, according to Google.
In time, Google could impose more restrictions on the installation of applications. For example, it could be made possible that applications must be mandatory in the Play Store to be installed, or prevent certain applications from being installed. It is not clear whether Google intends to do so.