Xiaomi, one of the biggest phone manufacturers in China, wants to prevent APKs from being extracted from Android devices, but thankfully Google disagrees with the idea.
Over the years, the ease of extracting and sharing APK files (used to install apps) has been a significant benefit for the Android ecosystem. For example, if a recent update to an app causes major issues, you can go to a crowdsourced website like APKMirror to download an older version until the problem is resolved. Or, if you only have a limited amount of data, you can have a friend locally send you the APK file of a game or app update to install. Our APK Insight team will also make use of these same files to find hints of unreleased features.
That said, not all companies seem to feel the same way about people perusing their app’s code and files. As shared by Mishaal Rahman on Twitter, a Xiaomi developer has submitted a proposal to the Android Open Source Project that would outright prevent Android device owners from copying APK files off of their phone. The reason cited is a desire to protect “private resources.”
Do not allow shell to obtain data apk
Apk may include some private resources, so we should not allow others to pull it.
Instead, the Xiaomi developer suggests that apps should only be available from the Google Play Store or another trusted app store. Thankfully, Google appears to be directly opposed to the proposal, though not always for the reasons you might expect.
One Googler takes time to point out the flaw in the Xiaomi proposal, that it would and should only block APK files from being extracted on a normal (“user”) build of Android. In that situation, the Googler posits, enthusiasts would simply install a debug build of Android and continue extracting APKs as normal. By that line of logic, they are opposed to Xiaomi’s method of protection as it wouldn’t actually protect anything.
Going a step further than that, multiple Googlers have spoken up against the idea that the contents of an APK file can ever be considered secret.
Can an APK ever be considered private?
I don’t think there should be an expectation that the contents of an APK will remain secret. I am not sure why we would even want that, and even if we wanted, then there is really no way we can assure this, even with this change
Overall, it seems abundantly clear that Google is not receptive to the idea of making it harder to extract APK files from your device, a good sign for the open future of Android’s app ecosystem.
More on Android:
- Android apps on Windows 11 will soon be running on Android 12.1
- Android 11 takes the top spot in 2022 distribution chart; Android 12 still missing
- ‘Protected by Android’ is Google’s new security branding for the OS
FTC: We use income earning auto affiliate links. More.