Google is Adding Anti-Tampering DRM To Android Apps in the Play Store

Google has introduced a small change to Play Store apps that could significantly protect several Android users. From a report: Earlier this week, Google quietly rolled out a feature that adds a string of metadata to all APK files (that's the file type for Android apps) when they are signed by the developer. You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them. And eventually, your phone will run a version of Android that won't be able to install apps without it.

Yes, only "several" will be protected

[macraig]

And the rest of us must suffer the mighty fist of dictatorial oppression?

Re:Yes, only "several" will be protected

[b0s0z0ku]

The problem is when all of the large device makers end up cramming this filth down their users' gullets.

Re:Good idea

[b0s0z0ku]

So hide the ability to install unsigned or non-Play-Store apps, but don't prevent it entirely. Hiding it in Developer Options after a big, fat disclaimer should be enough, frankly.

And no, the world doesn't need more Crapple-style paternalism where a bunch of do-gooding censoring pricks in Cupertino decide which apps are good enough for users to run. It's not only safety-based -- Apple has been known to ban political games or things which they find to be in poor taste.

APK Signature Scheme?

[b0s0z0ku]

APK Signature Scheme = A.S.S. Not the best choice of acronym.

Re:How will sideloading work?

google is trying to wall the garden in like apple (has mostly been able to do).

soon only approved and signed software of any kind will run.

rooting your device will be a thing of the past.

side loading will be a thing of the past.

as google pushes more for delivering updates themselves instead of relying on hardware or carrier partners, expect the (forced upon you) updates to kill any hacking or rooting you've done or 'unauthorized' apps you've managed to install.

having any control of any kind over YOUR hardware will be over.

developers will probably be able to purchase a dev kit to run apps they, and only they, are working on.

expect a similar treatment for chrome browser and chromebooks.

Re:How will sideloading work?

[110010001000]

Expect a similar treatment for ALL COMPUTERS and devices connected to the Internet. Don't think it will happen? Just wait.

Now you know your malware is legitimate.

[NextApp]

This does nothing to solve the malware problem on Android, because the malware is being distributed by "legitimate" vendors directly on the Play Store.

I get complaints of full-screen video ads in my ad-free apps from users who have never side-loaded anything. Malicious apps are launching them from the background, which is against the TOS, but technically trivial to do. If they get caught, they either call it a bug or start another company/product-line.

As far I can tell, Google promotes the highest revenue generating apps...so the dirtier the tactics you use, the more you succeed.

The bad apps do take a beating on reviews from legitimate users, but this is worked around by the developers posting massive quantities of fake reviews. It's presently somewhat easy to spot, legit apps will have reviews that are generally 1-3 sentences long, while fraudulent ones will have pages of 1-3 word reviews (often clustered together). Google doesn't seem to care though, as even some of the most popular apps are doing this to counter backlash from ever more ridiculously aggressive in-app advertising.

And then of course there's the problem that the average app today is so invasive of privacy that it would have been deemed outright malware ten years ago.

Re:Good idea

[WaffleMonster]

The article is dismissive of the direction this is heading, but in a world where 99% of the people using a mobile device simply have no ability to manage digital security, you just can't continue to allow people to install something from anywhere.

Of course you can. It's done by creating operating systems not full of swiss cheese escalation vulnerabilities and giving users meaningful access controls that never devolve into take it or leave it demands of software.

Google refuses because it eats into profits of themselves and app developers. God forbid a user is able to feed fake location, address book and phone data into malware they downloaded from Google play store or restrict access to resources... App developers would riot. Owning users is the business model of the everything must be FREE app store market.

As a technical user I absolutely want there to be way more open options where people with technical ability have a lot of freedom as to what they can do, and I'm sure some Android devices will continue to provide that.

Damn straight!! The peasant class doesn't deserve no stinking freedom. They can't handle it. All Hail King Alphabet ruler of all teh Intertubes.

But the world also absolutely needs Apple-level closed off system like the App Store that protects people who cannot protect themselves from remote exploitation and harm.

Good grief, let me know when all the malware in the Google app store is gone. Really perverse aspect of these arguments is the failure to understand app stores themselves are responsible for creating "race to the bottom" market incentive that only fuels development of malware and resulting 0wnage of millions of users.

This is nothing more than being as evil as possible for financial gain while blurting out "SECURITY" as justification for everything. No different than Facebook saying it needs to do cross site tracking of everyone everywhere in order to protect Facebook.

The ONLY problem is proliferation of defective operating system jails and associated access controls.

Re:Self-fulfilling idio(crac)y!

[Computershack]

The only reason people behave so damn retarded with regard to computers ... and I mean on a level that qualifies as literally mentally disabled ... is because tech firms have treated people like non-independent retards until they were.

No, its because there are millions of people using computers today who just 25 years ago wouldn't have the basic knowledge to even work out how to put the system they'd bought together, let alone how to get online. Once upon a time using a computer required a reasonable amount of technical knowledge or at least an IQ sufficient enough to learn.

Re: Good idea

[bluelip]

It's not about security. Google is doing this to lock-in users to their ecosystem. They realize users are starting to look elsewhere for software because of the privacy issues. This step is about adding another course to the wall around the garden rather than protecting any user.

Kill switch?

[rsilvergun]

that's why Mozilla started signing apps. It gives them a kill switch in case a plugin author sells their plugin to someone dishonest. There's been a few moderate profile cases of it happening (nothing more than a few hundred thousand users, which sounds like a lot until you realize how many FF users there are).

Re:Good idea

[swillden]

The article is dismissive of the direction this is heading, but in a world where 99% of the people using a mobile device simply have no ability to manage digital security, you just can't continue to allow people to install something from anywhere.

Of course you can. It's done by creating operating systems not full of swiss cheese escalation vulnerabilities

So, step one is to do what no one has ever managed to do in the history of widely-used consumer operating systems. You have an extraordinarily high opinion of Google's engineers. Thank you, but we're not that good. If you are, please send me your resume.

and giving users meaningful access controls that never devolve into take it or leave it demands of software.

That was done in Android 6.0, in 2015. Unfortunately, Android fragmentation means that it's not yet possible to force all apps to use it, because there are still too many older OS versions in active use. I think we should be able to do that in the next year or two, but that's only my guess, and it's not my area of expertise.

God forbid a user is able to feed fake location, address book and phone data

For address book data, I think the better solution is not to give apps access to the address book at all. Instead, give them a system API that allows them to request that the system throw up an address selection dialog, and then give them only the data the user chose. Unfortunately, that would be a huge change for the app ecosystem, so it would have to be done carefully, and even when done it would take time to roll out and convince app developers to adopt it. Also, users won't want to be restricted to only default address book management tools, so we'll still have to provide a permission that allows unlimited access, though hardly any of the apps that have address book access now would need it under this notional model.

As for fake data... I don't know. There's a lot of debate about that. I don't think anyone is philosophically opposed (and no one cares about the alleged financial considerations that you're so certain drive us), but no one really believes it will work, either. It'll just produce an arms race between fake data generators and fake data detectors. And it would also make spoofing of location-based games, etc., completely trivial, which negatively impacts the users of those games, as well as the developers. All in all, it seems like a lot of effort for little net gain, if any.

App developers would riot. Owning users is the business model of the everything must be FREE app store market.

Overstated, but not fundamentally wrong. It definitely is true that the Android team wants to serve developers as well as users, because a platform has to have both to exist. And device makers, too.

Damn straight!! The peasant class doesn't deserve no stinking freedom. They can't handle it. All Hail King Alphabet ruler of all teh Intertubes.

This is isn't the Android team's approach or perspective at all. There's a reason that Nexus and PIxel devices have always had unlockable bootloaders. It's because Google believes that technical users should have control of their devices. With Project Treble new devices are now in a state where you can flash a custom AOSP build onto any device you can unlock, without needing to worry about vendor binaries... it's taken a huge amount of work to get to that point, and while most of the reason for doing it is to fix the upgradability problem (and resulting fragmentation problem), making life easy for modders and makers of custom ROMs is part of it, too.

I host a regular conference call for talking to key players in the modding and rooting community, which the specific goal of helping my team to understand how we should best design to make their lives easier. I love to see technical users doing interesting thi