Google Infuses Android APKs With DRM For App Authenticity Verification And Security
Google is rolling out something akin to DRM for Android APKs as a way to verify that apps originated from the Play Store. Rogue apps that are malware-ridden are running rampant these days, so this is just an extra layer of security that Google is implementing to help safeguard Android users from attacks.
The new DRM has a single goal, and that is to allow users to be certain that an app they are using is genuine and hasn't been tampered with. The number of apps that have been found with malware inside or to be outright fake is ever growing in the Android realm. Late last year it was found that a fake WhatsApp app had racked up over a million downloads.
To be clear, Google isn’t billing this as a DRM, it's simply saying that it is adding a "small amount of security metadata on top of APKs to verify that the APK was distributed by Google Play." Google says that the impetus for rolling out the new system was to help developers reach a wider audience in countries where it's common for people to share apps peer-to-peer. This is common in some countries due to the cost of data plans and limited connectivity.
By adding this new security metadata, it becomes possible for authenticity determination even if the device isn’t online when it receives the app. Google will use the system not only for apps via Google Play, but for apps distributed via third-party sites that are Play-approved. For now, the big push for the new metadata is to developers rather than directly to Android users. It's hard to see the ability to verify that apps are legit as anything other than good for the Android platform.