Updated September 13 with details of new Android trojan warning.
Make no mistake—Google is bringing Android closer to iPhone. Hardcore members of the Android fan club may not like it when I point this out, but that doesn’t make it less true. That doesn’t mean Android isn’t innovative or that iPhone doesn’t take inspiration from that; what it does mean is that when it comes to security, Android is scaling the mountain that has long been the great divide between the two ecosystems.
And so it is with the a new warning that is about to start hitting millions of phones, as the latest update to the core Play platform that underpins Android goes live. This brings a further clampdown on sideloading and the gaping security holes which this breaches in Android devices worldwide.
As Android Authority explains, “the Google Play Integrity API lets apps check whether your account is ‘unlicensed’, meaning you didn’t install or buy the app from Google Play. More importantly, the app can then show a remediation dialog that tells you they have to download the app from Google Play to continue using it.”
The change means apps can check that Play Protect is running on a device, which is increasingly being presented as the primary defense for Android users against the scourge of malware that continues to plague devices. Apps can check the integrity of a device and an installation at any time, with the assumption being this will be on installation, launch and likely when sensitive transactions take place.
This change was previewed during May’s Google I/O, with the company explaining that developers can “call the Integrity API at important moments in your app to check that user actions and requests are coming from your unmodified app binary, installed by Google Play, running on a genuine Android device.” According to Android Authority, this “is already being used by some games to block sideloading.”