With as complex as modern software is, getting security right can be an extremely delicate balancing act. Obviously, no security at all results in a W

Google's beefing up Android app security, but not everyone's going to be happy

submited by
Style Pass
2024-12-04 07:00:07

With as complex as modern software is, getting security right can be an extremely delicate balancing act. Obviously, no security at all results in a Wild West situation where it’s all too easy for malware to ruin your day. But on the flip side, overly cumbersome security can lead down a road where app functionality is negatively impacted. On Android, Google offers developers the use of its Play Integrity API to securely verify the environment apps run in. Google’s now got some new Play Integrity upgrades incoming, and while this is generally good news for most of us, it’s likely to cause some headaches for others.

Play Integrity gives Android apps powerful tools to only operate under their own terms. That means that apps can make sure your phone’s not rooted, for instance, or that you’re not running a custom ROM. For years now, there’s been a back-and-forth between devs and users who are interested in pushing these boundaries, as the users find new ways to spoof attestation checks and convince apps to run where devs don’t want them to. But with the changes Google’s making to the Play Integrity API, the company says that spoofing will now be harder than ever.

There are also consequences for users who like to sideload apps, even when running on otherwise unmodified Android handsets. Play Integrity has introduced a check to make sure that apps were installed through the Play Store, and Google expects to see more apps fail this check with Play Integrity’s upgrades.

Leave a Comment