Android developers now have a way to prevent users sideloading their apps, and users are seeing the effects. Google Play Integrity API, which was released in June, blocks sideloading.

Sideloading refers to the process of installing apps from sources other than Google's official Play Store. It used to involve downloading an APK file onto your PC then installing from there onto your phone over a USB connection. This then widened to include any APK file that you know the URL of.

From a developer's viewpoint, this wasn't necessarily a good thing; sideloaded apps don't count to your Play Store metrics, and there's no easy check on the device using the app to make sure it's running the right version of Android, and includes all the necessary assets.

Now developers can use the Google Play Integrity API to make sure that "interactions and server requests are coming from your genuine app binary running on a genuine Android device."

Google introduced the API in June, and says that by detecting potentially risky and fraudulent interactions, such as from tampered app versions and untrustworthy environments, your app's backend server can respond with "appropriate actions" to prevent attacks and reduce abuse.

The API can also tell you whether apps are running that could be used to capture the screen, display overlays, or control the device.

The predecessor to the API was called SafetyNet Attestation, but the API has more features for developers. You can call the API at any point in their app to get an "integrity verdict", then work out what you want to do. Some apps call the API on launch and block access if the device isn't deemed trustworthy. Alternatively, you can choose to call the API when the user selects a sensitive action.

The benefit of the API is that it takes care of working out whether a device and its software environment are "genuine."  While the API was first shown off at Google's I/O conference in May, the effects are becoming more widely apparent now. People attempting to sideload apps are reporting they see a screen telling them to "Get this app from Play" with no way around it.

While the protection offered by the API seems mostly beneficial, some users have pointed out that it does shut down the option of getting an older version of an app and sideloading it when you have an older phone and the newest version of the app refuses to install. Play Store used to show potential users the most recent version of an app that would work on your Android version, but it now just tells you that you need a more recent version of Android and leaves you with no way to proceed.

More Information

Overview of the Play Integrity API

Related Articles

Google Offers One Time Payment - Devs Get Nothing

Windows 8 Sideloading Enhancements

Developer's Facility Used To Create Open Apple App Store

Huawei Intends To Challenge iOS and Android

Epic Games CEO Finally Notices That UWP Apps Are A Walled Garden

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Comments

Make a Comment or View Existing Comments Using Disqus

or email your comment to: comments@i-programmer.info