[Update: Video demo] Google’s Advanced Protection Program may soon block sideloaded apps [APK Insight]
Google’s Advanced Protection Program, an initiative to help protect the Google Accounts of those who are “most at risk,” may be getting a new protection feature on Android devices to block sideloading, according to the latest Play Store update.
About APK Insight: In this “APK Insight” post, we’ve decompiled the latest version of an application that Google uploaded to the Play Store. When we decompile these files (called APKs, in the case of Android apps), we’re able to see various lines of code within that hint at possible future features. Keep in mind that Google may or may not ever ship these features, and our interpretation of what they are may be imperfect. We’ll try to enable those that are closer to being finished, however, to show you how they’ll look in case they do ship. With that in mind, read on.
Those who have signed up their Google Account for the Advanced Protection Program are given an even higher level of security for their accounts and devices. Physical security is involved by using a Titan Security Key, while digital security is the main priority. For example, on Google Chrome, Advanced Protection members are prevented from or strongly warned against downloading “risky” files.
The Google Play Store received an update this week to version 17.8.14, and with it, we’ve found a strong indication of the next big safety feature for Advanced Protection, app blocking.
<string name=”advanced_protection_dialog_title”>App blocked by Advanced Protection</string>
<string name=”advanced_protection_dialog_message”>”For additional security, Advanced Protection won’t allow apps from outside the Google Play Store.”</string>
Pretty clearly, this sounds like the Google Play Store will be able to prevent Advanced Protection users from sideloading apps. Digging into the code, it appears that this sideloading protection can be enforced on devices that have even one Advanced Protection account signed in.
Blocking new install from unknown source for Advanced Protection user
Allowing install because there are no Advanced Protection users
Preventing Advanced Protection accounts from sideloading apps altogether seems a bit heavy-handed, and it looks like Google may also offer an alternative choice for those who need Android apps that are not on the Play Store. Instead of simply blocking the sideloaded apps, the Play Store can be required to scan them with Play Protect before allowing the install.
Play Protect enabled for Advanced Protection users
Advanced protection requires scans for any apps that come from outside the Play Store. You’ll get a notification if there’s a potential security threat.
We’re not sure when these sideload blocking features are intended to go live, but our Dylan Roussel was able to enable some of the UI now, including the new message on the Play Protect page.
Update 12/6: With a bit more effort, Dylan was able to fully enable the new Advanced Protection Program features of the Google Play Store, and captured them on video. In the first demo, when attempting to sideload an update to Files by Google, Play Protect first scans the APK file before allowing the installation.
In the second, Play Protect altogether prevents the installation of an app that is not found in the Google Play Store. We didn’t change any other settings to trigger this behavior, which indicates that those in the Advanced Protection Program could potentially be limited to apps that can be found in the Play Store, when sideloading.
Given that these features are already functional once enabled, it may not be long before the sideload protections arrive for those who enrolled in the Advanced Protection Program.
Hopefully, these sideload safety features will not be forced upon all Advanced Protection members, as there are surely many who rely upon non Play Store apps who also need the kind of safety that the Advanced Protection Program offers.
Dylan Roussel contributed to this article
FTC: We use income earning auto affiliate links. More.