Google is Adding Anti-Tampering DRM To Android Apps in the Play Store (androidcentral.com)
Google has introduced a small change to Play Store apps that could significantly protect several Android users. From a report: Earlier this week, Google quietly rolled out a feature that adds a string of metadata to all APK files (that's the file type for Android apps) when they are signed by the developer. You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them. And eventually, your phone will run a version of Android that won't be able to install apps without it.
The article is dismissive of the direction this is heading, but in a world where 99% of the people using a mobile device simply have no ability to manage digital security, you just can't continue to allow people to install something from anywhere.
Of course you can. It's done by creating operating systems not full of swiss cheese escalation vulnerabilities
So, step one is to do what no one has ever managed to do in the history of widely-used consumer operating systems. You have an extraordinarily high opinion of Google's engineers. Thank you, but we're not that good. If you are, please send me your resume.
and giving users meaningful access controls that never devolve into take it or leave it demands of software.
That was done in Android 6.0, in 2015. Unfortunately, Android fragmentation means that it's not yet possible to force all apps to use it, because there are still too many older OS versions in active use. I think we should be able to do that in the next year or two, but that's only my guess, and it's not my area of expertise.
God forbid a user is able to feed fake location, address book and phone data
For address book data, I think the better solution is not to give apps access to the address book at all. Instead, give them a system API that allows them to request that the system throw up an address selection dialog, and then give them only the data the user chose. Unfortunately, that would be a huge change for the app ecosystem, so it would have to be done carefully, and even when done it would take time to roll out and convince app developers to adopt it. Also, users won't want to be restricted to only default address book management tools, so we'll still have to provide a permission that allows unlimited access, though hardly any of the apps that have address book access now would need it under this notional model.
As for fake data... I don't know. There's a lot of debate about that. I don't think anyone is philosophically opposed (and no one cares about the alleged financial considerations that you're so certain drive us), but no one really believes it will work, either. It'll just produce an arms race between fake data generators and fake data detectors. And it would also make spoofing of location-based games, etc., completely trivial, which negatively impacts the users of those games, as well as the developers. All in all, it seems like a lot of effort for little net gain, if any.
App developers would riot. Owning users is the business model of the everything must be FREE app store market.
Overstated, but not fundamentally wrong. It definitely is true that the Android team wants to serve developers as well as users, because a platform has to have both to exist. And device makers, too.
Damn straight!! The peasant class doesn't deserve no stinking freedom. They can't handle it. All Hail King Alphabet ruler of all teh Intertubes.
This isn't the Android team's approach or perspective at all. There's a reason that Nexus and Pixel devices have always had unlockable bootloaders. It's because Google believes that technical users should have control of their devices. With Project Treble new devices are now in a state where you can flash a custom AOSP build onto any device you can unlock, without needing to worry about vendor binaries... it's taken a huge amount of work to get to that point, and while most of the reason for doing it is to fix the upgradability problem (and resulting fragmentation problem), making life easy for modders and makers of custom ROMs is part of it, too.
I host a regular conference call for talking to key players in the modding and rooting community, with the specific goal of helping my team to understand how we should best design to make their lives easier. I love to see technical users doing interesting thi
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Congratulations, you're the typical kind of people who hang out on /. (ultra curious geeks, etc.)
The thing is that there's the rest of the world; we're a bit north of 7 billion humans on this planet.
Not every last one of them thinks the same way as us.
Some just want an appliance, a thing that just works when they push a button.
There are people who can rebuild the old faulty electrical wiring of a dilapidated house,
and there are the people who just want the light to turn on when they push a button and are happy to give money to someone else to make it happen and don't *want* to give a damn about what's going on under the hood.
Apple, and the "walled garden" type of application platforms, try to solve this regarding phones.
There are people who (for a good reason) realize that they have a full-blown personal computer in their pocket.
And there are people who just want to talk to their friends and send funny pictures of cats, and don't want to give a flying fuck about what an "operating system" is.
The only thing which I'm not happy with, and which several people have talked about in this thread, is that some, like Apple and lots of Android manufacturers, want to give you NO ALTERNATIVE to the walled garden; they do not give you the key to the main gate of the metaphorical garden's wall.
I would prefer phones that are locked-down BUT can be unlocked and put into developer mode if desired by the owner ( <- dear phone companies, please note the word and stop considering us as rental. We paid for it, we own it, thanks).
---
Also a thing to think about is that at some point in the future, the big fat warning upon activating the dev mode won't be enough.
- People get desensitized by clicking "Okay" on any pop-up warning. (Same problem that Windows has had since they introduced UAC due to problematic software that can't run on anything but admin mode).
- The "dancing pigs" problem: people are ready to follow any weird complex instructions from shady corners of the web just to get access to the funny video of dancing pigs (like installing some horrible spyware/botnet node that pretends to be a video player and codecs for the video). You can predict that one day, when the walled garden gets a little too efficient at rejecting malware for the taste of attackers, YouTube bot-channels are going to pop up with "howto" tutorials explaining how to put the smartphone in dev mode to side load "the best app to send video of kittens around", prompting even grandma to shoot themselves in the foot security-wise.
We'll have to think and prepare how to deal with this in the future (if we don't, the manufacturing companies will choose the "more DRM" solution instead for us).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]