Google is working on its pledge to increase app security by adding an additional layer of metadata to APKs. The idea here is that it will allow Android to verify the authenticity of apps, even if the device is offline. Allowing people to safely share those apps through other channels.
According to the company, the goal is to help people in areas with poor internet connectivity or expensive data plans. Which seems to imply that Google is seeing a lot of Android users installing apps through methods other than the Play store. A move that isn’t exactly unusual, but carries with it some security risks as cybercriminals upload malware laden versions of legitimate apps.
This new security metadata will only work through Google’s own Play-approved distribution channels. But, it will allow those apps to be added to the user’s Play library and receive updates normally.
While Google claims that this move will increase the channels for app developers to distribute their work, it does look suspiciously like inserting DRM into apps. Not that this is necessarily a bad thing. The company has been looking for ways to increase the security of its platform while still keeping it open, and is perhaps the least intrusive manner to approach the problem.
[Source: Android Developer Blog]
