Offline Android apps get new security check

LASER_oneXM

How do Android users know whether an app is genuine?

Currently, the best advice is to study the app’s source, but given that apps can be loaded from three sources – the Play Store, a third-party source, or an offline source – it’s not always as easy to tell as it should be.

Third-party consumer repositories have a poor reputation, so much so that Android disallows downloading from them by default.

Instead, Google recommends people stick to its Play Store, but even here plenty of malicious apps seem able to wriggle through the supposedly ever-higher security wall thrown up by Google’s Play Protect security.

That leaves offline sources, where large numbers of Android users get their apps in countries with poor or expensive online connectivity.

The APK (Android Package Kit), akin to .exe files on a Windows computer, is the Android file format used to distribute apps.

The problem is that, because users load them from a peer while offline, Android has no way of knowing whether they originated from the Play Store or not, or have been tampered with.

With this problem in mind, Google this week confirmed plans trailed last year to add “a small amount of security metadata” to each app APK as a way of confirming it originated in the Play Store.

According to Google Play’s product manager, James Bender, this means:

....
....
.....
 
