Google adds DRM to Android APKs to verify the authenticity of apps from Google Play
DRM is something that's usually associated with streaming music and video, but there's no reason that it can't be put to other uses. Proving this, Google has started using a form of DRM to improve app security by verifying that APKs originate from the Play Store. It's a system that works much like signed drivers in Windows.
The aim is simple: to improve the security of Android users by ensuring that they are using genuine apps that have not been tampered with in any way. Google is not referring to the new system as DRM, saying instead that it is adding a "small amount of security metadata on top of APKs to verify that the APK was distributed by Google Play".
- Google Account revamped -- increased transparency and new security and privacy options
- Google launches Podcasts app for Android
- Google updates Android Messages so you can send texts from the web
Google says that one of the reasons the system has been introduced is to "help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity".
It means that it will be possible to determine the authenticity of app, regardless of whether a device is online or not. It will be used not only for apps obtained through the Play Store, but also "through Play-approved distribution channels". Google says:
We'll be able to determine app authenticity while a device is offline, add those shared apps to a user's Play Library, and manage app updates when the device comes back online. This will give people more confidence when using Play-approved peer-to-peer sharing apps.
This also benefits you as a developer as it provides a Play-authorized offline distribution channel and, since the peer-to-peer shared app is added to your user's Play library, your app will now be eligible for app updates from Play.
At the moment, it seems that Google is only really selling this idea to developers, not Android users. In a post on the Android developer blog, the company says:
No action is needed by developers or by those who use your app or game. We're adjusting Google Play's maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block. In addition to improving the integrity of Google Play's mobile app ecosystem, this metadata will also present new distribution opportunities for developers and help more people keep their apps up to date.