Sideloading is one of the things that makes Android what it is, but it can also easily be abused. To help protect users, Google is making some adjustments in Android 15 that further restrict what a malicious app could do when sideloaded onto a device, but also what users can do with these apps too.
Back in Android 13, Google introduced a new layer of protection against potentially malicious sideloaded apps by preventing them from accessing features designed for accessibility. However, if the user wanted to, that layer could be disabled and the options that the app was restricted from using could be manually granted.
Google is further enforcing this in Android 15.
As noted by Android Authority, Google has updated this layer of protection in Android 15 to include more types of restricted settings and roles for sideloaded apps.
The added restrictions include preventing sideloaded apps from listening to notifications, acting as a default dialer or SMS app, running on top of other apps, or acting as a device admin. These are powerful and/or sensitive permissions that, if a malicious app had access to, could result in personal data being at high risk.
Google requires in Android 15’s CDD (Compatibility Definition Document) that the following permissions are restricted for sideloaded apps:
- Special permissions
- Accessibility
- Notification listener
- Device admin
- Display over other apps
- Usage access
- Roles (Default apps)
- Dialer
- SMS
- Runtime permissions
- SMS
However, like in Android 13 and forward, an option is still required in Android 15 to allow the user to manually allow these restricted settings to be used. So the choice is still there, the added restrictions just prevent more forms of abuse by default.
Android 15 is set to start rolling out soon, with the update scheduled to land on Pixel next month.
More on Android 15:
- The small changes I’m looking forward to in Android 15
- Android 15 released to AOSP, Pixel update in ‘coming weeks’
- Google’s Android 15 statue is pretty ‘vanilla’
Follow Ben: Twitter/X, Threads, Bluesky, and Instagram
FTC: We use income earning auto affiliate links. More.
Comments