Google is moving to overcome one of the problems faced by users. There have been numerous cases of bad guys creating clones of legitimate apps but embedding malicious code in them.
It’s taking the first steps towards remedying that situation by forcing developers to sign applications at their final build and add some metadata to the APK (the executable application file that Android devices use) to “to help verify product authenticity from Google Play”. That’s a neat way of saying DRM is now part of the Android ecosystem.
The idea is that dodgy apps, that are distributed by malicious parties, won’t run on Android devices. This won’t create a completely walled garden, like the one Apple operates with their iOS ecosystem. Peer-to-peer app sharing will still work but Google said this will help determine app authenticity.
Google didn’t say DRM explicitly in their blog post describing the change but what they are doing is adding code to prove the veracity of something installed on your device. And while DRM has had a bad reputation, it can be used for good and not just making life harder for users. In this case, it’s being used to assist users with ensuring that the software they use comes from a reputable source.
The concern for many is that this is a step towards Android enforcing tighter controls that will stop users from side loading apps. But Google said “we’ll be able to determine app authenticity while a device is offline, add those shared apps to a user’s Play Library, and manage app updates when the device comes back online. This will give people more confidence when using Play-approved peer-to-peer sharing apps”.
So, it seems they’re trying to have a bet each way by allowing users to side-load apps, from outside the Play Store, while maintaining some level of app validation and supporting updates without forcing everyone into the Play Store for everything. If they can get this right and reduce the risks associated with side-loaded and dodgy apps then they’ll have pulled off a masterstroke.
While some are saying there are concerns with allowing “developers more control over how their apps are used”, the ability for developers to more easily update peer-to-peer loaded apps and verify developers may be the price that’s paid for that potential issue.
What do you think? Is this a good thing or the beginning of the end of the fully open Android ecosystem?
Leave a Reply
You must be logged in to post a comment.