Google is changing how the Play Store verifies the authenticity of applications hosted on the platform before their installation. The search giant is planning to modify the header of APK files to include a new metadata field that will contain the app’s file signature.
Android apps previously did not include this field because they didn’t need it since Google-approved apps could be installed only via the official Play Store. The Play Store checks all these applications in the background before their installation and even checks them for security using Play Protect. With the addition of an app file signature to the APK itself, Google wants to make it easier for users to download official apps from the Play Store and distribute them via other channels.
The change will make it easier to install applications even when you are offline. “One of the reasons we’re doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity,” James Bender, Product Manager of Google Play told Bleeping Computer.
Now, when you try and install an application via any of the peer-to-peer app sharing networks, the Play Store app will verify the additional metadata field and will be able to determine whether the app came via the official Google Play Store. It will then allow the installation and sync it with the phone’s official app inventory.
Whenever the user goes online, the app will be automatically queued to receive updates from the Play Store. The feature will broaden the app distribution network and remove the burden of getting updates from those unofficial channels as well. Some security researchers are raising concerns that this would allow malicious apps removed from the Play Store to be redistributed via new channels.
Watch: Samsung Galaxy S9+ Video Review
Google says this change will be seamless for both Android users and developers. The search giant will be handling all the updating tasks. “We’re adjusting Google Play’s maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block,” Bender added.