Google may soon vet APK downloads with biometrics to curb malicious content
Posted intechnology News

Google may soon vet APK downloads with biometrics to curb malicious content

June 17, 2024No Comments


Summary

  • Google is considering adding biometric authentication for sideloading unverified APKs to improve security.
  • Currently, Google Play Protect offers to scan sideloaded APKs the tool hadn’t previously vetted, but this prompt can easily be dismissed.
  • Latent code found in the latest Google Play app suggests this warning message will require biometric or PIN authentication in order to be dismissed in the future.




One of Android’s biggest strengths is its flexibility, so it’s your prerogative to sideload APKs from third-party sources if you don’t want to rely on the Google Play Store for apps. While there are many benefits that can come with APKs, there are also risks associated with downloading them from unidentified sources. The Google Play Store does a more thorough job of vetting apps for security threats. Now, it’s continuing to expand upon its efforts to do so device-wide.

An illustration with blue and purple bubbles as well as the TapTap logo

Related

The 11 best Google Play Store alternatives for apps and games

Sick of Google’s Monopoly, perhaps it’s time to seek out competing digital media marketplaces


According to an APK teardown performed by code sleuth AssembleDebug on behalf of Android Authority, inactive feature flags in Play Store version 41.4.19 seem to suggest Google may eventually launch biometrics to vet APK sideloading. As seen through a flag, the feature would work by requiring either a PIN or biometric authentication prior to installing an APK that Google Play Protect hadn’t scanned before. This form of verification would also be triggered by attempting to update an existing app with an APK.

For now, the feature is not live, but the fact that AssembleDebug was able to activate it after some tinkering suggests it could roll out soon enough. As it works right now, Google Play Protect pops up with a warning offering to scan the APK you’re attempting to sideload, provided the system had not previously encountered and scanned that APK. This warning can be easily dismissed with an “Install anyway” button, but once this new feature goes live, you would need to verify ownership of the device with your biometrics or lock screen passcode in order to “Install app without scanning.”



Android 15 will further enhance Google Play Protect with AI

As Google continues to develop Gemini, its large AI initiative, it’s looking for new ways to leverage the technology to benefit the security Android devices. Android 15, for instance, is expected to have several features designed to prevent bad actors from infiltrating the operating system. In the future, devices may be able to immediately notify users if they are connected to an unsecured cell network — an unsafe network could increase the chances of text messages leaking, for example. Google is also thought to be working on a feature that may limit the permissions third-party APKs have once added to a device. For now, many of these projects are still in the works, and some may never officially launch — but that doesn’t mean they aren’t on Google’s radar.


The latest on Android 15.

Further Reading

Google’s using AI to fortify Android 15 and the Play Store against next-generation attacks

Google deploys cutting-edge AI-powered protections to shield Android devices





#Google #vet #APK #downloads #biometrics #curb #malicious #content,
#Google #vet #APK #downloads #biometrics #curb #malicious #content

Tags:

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *