Technology Android apps can now block sideloading and force downloads through Google Play Store

Ashish1+1

Level 1
Thread author
Verified
Nov 29, 2016
48
An updated API available to Android app developers can force users to download the app from Google Play, blocking the app from working if it is sideloaded.

First announced at Google I/O 2024, the “Play Integrity API” gives developers new tools to improve the safety and security of Android apps. The API can also effectively block sideloading, though, as Android Authority has brought out.

One of the new abilities of Play Integrity is to check whether or not an app is “licensed,” referring to if it was installed from the Google Play Store or not. This optional feature can block an app from running if it was installed in a way that was “unlicensed,” namely through sideloading from a third-party source.


If an app comes back as “unlicensed,” developers further have the option to have an unskippable dialog appear that prompts users to re-download the app via the Google Play Store if they wish to continue using it with an “Install from Play” button. When users opt to do that, the previous version that was sideloaded is removed from the device.

Source: Apps can now block sideloading more easily and force downloads through Google Play
 

Ashish1+1

Level 1
Thread author
Verified
Nov 29, 2016
48
Google lists how this API works in full on its developer website, giving a concise break-down of how it processes information and determines what's genuine and what isn't. Google has already implemented ways to move users from sideloaded to official ones and this is naturally just going to progress even further as time goes on. And as this feature and other security features progress, it's going to slowly close the window even more on the customization that Android used to be known for. But it's clear that Google is ready to move forward, shedding its old skin, as Android is no longer an OS for tinkerers and is now aimed at capturing the mass market.

Source: Google is making it easier for Android apps to detect and block sideloading
 

Marko :)

Level 23
Verified
Top Poster
Well-known
Aug 12, 2015
1,214
From what I understand, this will only work if the package name of an app installed by sideloading exists on Google Play. If it doesn't, Google and Android have no way of recognizing installed apps. Many modded apps already change the package name because few months back, Google started linking package names to Google Play. That resulted sideloaded apps showing in Google Play under updates section and constantly showing errors as they can't update.

Example: official package name for YouTube app is com.google.android.youtube and if you sideload modified app with the same name, it won't work (Google Play will detect it). But if you install the same app with modified package name like com.myownversionof.youtube, it will continue to work normally.
 
Last edited:

Ashish1+1

Level 1
Thread author
Verified
Nov 29, 2016
48
I never want to compromise the security/ integrity of my device neither bringing piracy into context. I find its benefit when trying for geo-locked apps or when my device requires an old compatible apk version more suited for my model, or worst when a dev ruins the new version with an update or locks features.

What bothers is whether is this a beginning of a trend - like how Google envisions YouTube, which seemingly is becoming more and more of a closed system with every update :censored:
 

Marko :)

Level 23
Verified
Top Poster
Well-known
Aug 12, 2015
1,214
I never want to compromise the security/ integrity of my device neither bringing piracy into context. I find its benefit when trying for geo-locked apps or when my device requires an old compatible apk version more suited for my model, or worst when a dev ruins the new version with an update or locks features.

What bothers is whether is this a beginning of a trend - like how Google envisions YouTube, which seemingly is becoming more and more of a closed system with every update :censored:
If you want to use popular services with more features and benefits, you kind of have to use modded apps. But, when you do it, you need to get this stuff from reputable sources which definitely isn't Google. I have a huge directory of free and safe app sources, as well as modded ones, but I obviously won't post it here for logical reasons.

Android is very secure for years already, and unless you give app more permissions than it needs to function, app can't do any damage. This is the reason why I don't worry about this stuff anymore. Even if you downloaded malicious app, as long as you didn't let it work in the background, gave it ability to install apps from unknown sources, granted it accessibility permissions and set it as an administrator; app is basically powerless. Because by default, app doesn't have any permission at all.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top