comscore Google is adding app file's signature to the APK as additional tool for verification | BGR India

Google is adding app file's signature to the APK as additional tool for verification

However, some security researchers believe this could make it easier to transfer malware-induced apps.

  • Published: June 25, 2018 5:38 PM IST
Google play store

Google is changing how the Play Store verifies the authenticity of applications hosted on the platform before their installation. The search giant is planning to modify the header of APK files to include a new metadata field that will contain the app’s file signature. Also Read - Google says Android 10 had faster adoption than any version

Also Read - New leak says Google to launch three Pixel phones this year

Android apps previously did not include this field because they didn’t need it since Google-approved apps could be installed only via the official Play Store. The Play Store checks all these applications in the background before their installation and even checks them for security using Play Protect. With the addition of an app file signature to the APK itself, Google wants to make it easier for users to download official apps from the Play Store and distribute them via other channels. Also Read - Google for India 2020 event to take place on July 13: This time it's 'Virtual Edition'

The change will make it easier to install applications even when you are offline. “One of the reasons we’re doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity,” James Bender, Product Manager of Google Play told Bleeping Computer.

Now, when you try and install an application via any of the peer-to-peer app sharing networks, the Play Store app will verify the additional metadata field and will be able to determine whether the app came via the official Google Play Store. It will then allow the installation and sync it with the phone’s official app inventory.

Whenever the user goes online, the app will be automatically queued to receive updates from the Play Store. The feature will broaden the app distribution network and remove the burden of getting updates from those unofficial channels as well. Some security researchers are raising concerns that this would allow malicious apps removed from the Play Store to be redistributed via new channels.

Watch: Samsung Galaxy S9+ Video Review

Google says this change will be seamless for both Android users and developers. The search giant will be handling all the updating tasks. “We’re adjusting Google Play’s maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block,” Bender added.

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: June 25, 2018 5:38 PM IST

new arrivals in india

Best Sellers