Slashdot Mirror


Google is Adding Anti-Tampering DRM To Android Apps in the Play Store (androidcentral.com)

Google has introduced a small change to Play Store apps that could significantly protect several Android users. From a report: Earlier this week, Google quietly rolled out a feature that adds a string of metadata to all APK files (that's the file type for Android apps) when they are signed by the developer. You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them. And eventually, your phone will run a version of Android that won't be able to install apps without it.

2 of 177 comments

  1. Now you know your malware is legitimate. by NextApp · Score: 5, Interesting

    This does nothing to solve the malware problem on Android, because the malware is being distributed by "legitimate" vendors directly on the Play Store.

    I get complaints of full-screen video ads in my ad-free apps from users who have never side-loaded anything. Malicious apps are launching them from the background, which is against the TOS, but technically trivial to do. If they get caught, they either call it a bug or start another company/product-line.

    As far as I can tell, Google promotes the highest revenue generating apps...so the dirtier the tactics you use, the more you succeed.

    The bad apps do take a beating on reviews from legitimate users, but this is worked around by the developers posting massive quantities of fake reviews. It's presently somewhat easy to spot: legit apps will have reviews that are generally 1-3 sentences long, while fraudulent ones will have pages of 1-3 word reviews (often clustered together). Google doesn't seem to care though, as even some of the most popular apps are doing this to counter backlash from ever more ridiculously aggressive in-app advertising.

    And then of course there's the problem that the average app today is so invasive of privacy that it would have been deemed outright malware ten years ago.

  2. Kill switch? by rsilvergun · Score: 5, Interesting

    That's why Mozilla started signing apps. It gives them a kill switch in case a plugin author sells their plugin to someone dishonest. There have been a few moderate profile cases of it happening (nothing more than a few hundred thousand users, which sounds like a lot until you realize how many FF users there are).

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/