Google adds anti-tampering DRM to Android apps in the Play Store
Google has made a small change to Play Store apps that could prove a significant help to the security of your Android phone. The company is now adding a “small amount” of security metadata to Android APKs to verify that they were distributed through the Play Store or an approved channel. This will make it possible to verify an app even when you’re offline, Google said, so that the title can be officially added to your store library and receive updates through Google’s portal. It’s digital rights management by another name, as Android Central observed, but that doesn’t necessarily mean there’s reason to panic: it may ultimately be helpful, even if there are legitimate concerns.
This is primarily helpful in developing areas where people don’t always have reliable data, and may have to go through a peer-to-peer portal or another channel beyond Google’s own. The DRM addition should help them download apps with a reasonable assurance that they’re getting the real thing, not a surreptitiously modified rogue app that could compromise their handsets. It’s no secret that malware writers will sometimes bury malicious code in familiar-looking apps, and this might catch the trickery before it compromises a device.
Simultaneously… well, it’s DRM. As with media services, there’s the potential for companies to use DRM to determine how and when you use their apps. It might be difficult or impossible to tinker with an app (say, to remove ads) without stripping the DRM. There’s also the chance that a developer could force you to move to a newer version of an app by altering the metadata and preventing you from installing earlier versions that you might prefer. As good as this may be for mobile app security, it’s possible that developers will misuse this to exert more control over how you use their software.