Google is adding DRM to all Android apps, but it's for the right reasons

Earlier this week, Google quietly rolled out a feature that adds a string of metadata to all APK files (that's the file type for Android apps) when they are signed by the developer. You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them. And eventually, your phone will run a version of Android that won't be able to install apps without it.

What the hell? DRM? Why?

DRM is why Netflix used to only work on approved phones. But it doesn't have to be used for evil.

We can relax (for now). We all hate DRM (technically, Digital Rights Management) because of the way developers and publishers have abused it. DRM means you are being treated like a thief before you buy any software. A great example is having to install the Origin client and let it regularly check in online to run any games published by EA.

EA doesn't trust that we paid for the software title so it forces us to present our papers when demanded. PC gaming is rife with DRM and applications like Steam or Uplay exist for the very same reason. Other examples come from Sony, Disney, EMI, and every other entertainment publisher that decides where in the world you are allowed to listen to music or watch a movie that you paid for, or how many times you are allowed to do so.

So DRM is bad to the core. But not really. DRM is simply a way for a developer or publisher to keep track of software versions and authenticity. Sometimes you need to do that for the right reason.

As of now, Google's reason is right. That doesn't mean the company can't change its tune and go all out crazy (like EA) in the future and limit how, where, when, and why we can use the apps we paid for, but for now everything is good. Google added this metadata so you can buy an app from any approved distributor and it will work with Google Play Store features like Family Library and subscriptions.

Apps have to be "signed" to verify their contents. Adding metadata to this signature ensures we will have DRM in every app eventually.

Android can read the metadata automatically inserted into an app and verify that it's a legitimately sourced version and approved for use by the developer. If it passes these checks, it is added to your Google Play Store library. You'll be able to update through Google Play, use things like Google Play Games for leaderboards and achievements, or share an app with people in your Family Library. And the developer can change the metadata at any time with a new signing key, which ends support for the current version and creates a new listing in Google Play.

Google says it did this for two reasons — the first is a little worrisome, and it's to allow developers more control over how their apps are used. There is certainly potential for abuse there, but we have to wait and see if any developers get any bad ideas. The second is straight out of left field for most of us — many people live where data isn't affordable and available, so they share apps using peer-to-peer distribution channels. That doesn't mean these people are stealing apps. It means they can pay through a portal then use a peer-to-peer network to get their copy using as little data as possible.

Developers want us all to have access to the apps they create. More downloads mean more exposure and more income via sales or ad revenue. That's what app developers want.

Google may be using a fancy set of words to disguise the fact that Android apps will soon all have DRM inserted in a way that's difficult to remove and eventually your phone will need to be able to read it to install them. That's smart — it kept the internet from erupting in a frenzy of pitchforks and furor normally reserved for lootboxes or Comcast.

But it is DRM, and Google has very good reasons to be adding it. Let's all hope that everyone involved doesn't get any ideas about abusing it.

Jerry Hildenbrand

Jerry is an amateur woodworker and struggling shade tree mechanic. There's nothing he can't take apart, but many things he can't reassemble. You'll find him writing and speaking his loud opinion on Android Central and occasionally on Twitter.

111 Comments
  • "For the right reasons"? It's adding DRM to limit what users can do, and ultimately lock competitors out of their ecosystem. How is this any different than what DRM is always used for? Is there any user-hostile action that Google could take that Jerry would not agree with? I've never seen a Linux guy advocate for less user control, e.g., "root access is bad, and Google is right to lock it down," and "sure, DRM is fine if Google says it will make apps more secure."
  • How does this limit what users can do? If anything it lets us do more. There's potential for abuse. That's mentioned. But today, this is a good thing.
  • How does DRM -- which gives developers more control of how their apps are used -- let users do more? It's zero sum: in order to give developers more control, you have to take control away from someone else, i.e., users.
  • Because this does NOT give developers more control of how their apps are used. Read my comment further below.
  • Google is copying iPhone again?...If I wanted an iPhone I will get an iPhone.
  • These DRMs only apply to apks from the Play Store. There's nothing wrong with what Google is doing.
  • There's potential for abuse in every area of life and the digital world though Jerry.
  • Not really. First off, you're basically removing the ability to install from Unknown Sources, which is an automatic foul and a black eye to those who use the Amazon appstore on Android and who also use their phones as the test areas for apps that they developed themselves. Second, from my standpoint and experience with jailbreaking/rooting, this is Google BEGGING you to root your device. In fact it won't JUST be rooting anymore, as you're closing the platform, so it would take on the same process name as opening up Apple's platform (JAILBREAKING, as you're TAKING AWAY COMPLETE CONTROL OF YOUR DEVICE FROM THE MANUFACTURER AND ASSUMING RESPONSIBILITY FOR THE OS AND EVERYTHING OPERATING ON THE DEVICE.) Also, giving more control to developers to CONTROL what users do with their app? Really now? IF YOU WANT COMPLETE CONTROL OF YOUR APP OR HARDWARE, DON'T RELEASE IT TO BEGIN WITH, BECAUSE ONCE IT HITS THE MARKET AND SOMEONE ACQUIRES IT, IT'S SUBJECT TO THE WHIMS OF THE USER. IT DOESN'T MATTER IF YOU PUT THE DIGITAL EQUIVALENT OF A "KEEP OUT" SIGN IN THERE, SOMEONE'S GONNA MODIFY THE APP, PERIOD. It's the same way with hardware, people are gonna modify it no matter how difficult it is to open. Thirdly, to make the DRM effective, you'd have to remove the developer mode and the safe mode access, so then people don't get access to Android's equivalent of Windows' command prompt. DO YOU SEE ALL THE ISSUES ASSOCIATED WITH THIS?! YOU DISCOURAGE THE AVERAGE CONSUMER TO DEVELOP FOR THE PLATFORM BY CLOSING IT OFF TO FUTURE DEVS, AND YOU MAKE RECOVERY OF THE DEVICE FROM WHAT COULD BE A FATAL CRASH MORE DIFFICULT. YOU MAKE ANDROID BORDERLINE iOS, AND THUS BORDERLINE UNUSABLE. IT WILL NO LONGER BE THE DESIRED PLATFORM FOR DEVELOPERS, AND YOU'D SOON SEE A NEW MOBILE OS ON THE MARKET TO COUNTERACT ALL THE BULL@#$+ BEING PUT OUT BY BOTH APPLE AND GOOGLE.
  • Could you please point me in the direction of where you found sideloading will no longer work?
  • Kinda glad about that appstore thing and Amazon, if that happens. But still the smartphone time, who's to say that the app wouldn't be signed in the Amazon app store anyway. Distribution is still distribution.
  • Makes no sense. Google is not going to block out devs from testing their apps on their own devices..
  • It's like the size of the store or the fact that it's not just one publisher i.e. EA means it's fundamentally different. I don't see the degree of separation between this and PC or console DRM. I don't sideload or pirate so no biggie for me, unless individual app makers decide to put a limit on devices or how many times it can be installed. So not a clear positive to me.
  • Because not all my (as a user) apps come from Google Play. Not all my apps are allowed on Google Play. I play games from Nutaku.net, for example. Those are NOT getting on Play Store.
  • What would those reasons be they aren’t getting on the play store? One can only imagine....
  • It's bad for those of us who back up apks because devs often change the UI or the latest introduces bugs. If the signature is changed and it won't sideload, you're stuck with a broken app until they decide to fix it. Not. Good.
  • Velvet: That's what I do. There are some very good apps out there but then you get an update and it is full of ads or they took things out of the app. I always field copies so if I don't like the new version, I can just install the version I like.
  • Obviously Jerry is nothing but a paid shill for Google. Or an incredibly naive simpleton who doesn't know how to use past history as a guide for the future. It's either one, or the other!
  • Or as he stated, this isn't the end of days...yet. You gotta read it to understand it.
  • I love this line: "it kept the internet from erupting in a frenzy of pitchforks and furor normally reserved for lootboxes or Comcast."
  • More control for Big Brother is coming...😶
  • I'm wondering why you didn't use the word "security" once in this article? That had to be a conscious choice seeing as the developer's blog post announcing the feature refers to this metadata as "security metadata" being added for the purpose of "app security." Is it because playing the security card is such a well-worn rhetorical cover for taking away rights and privileges?
  • "Is it because playing the security card is such a well-worn rhetorical cover for taking away rights and privileges?" Indeed! It's being used as such a catchall these days, it seems that companies are using it for carte blanche. "In order to ensure the security and continuing stability, the Republic will be reorganized into the First Galactic Empire, for a safe and secure society!" - Emperor Palpatine
  • Then Palpatine orders the destruction of planets. Define “safe” again?
  • Ain't that the truth... DRM falls into that kinda "safe and secure", IMO...
  • It might. Too early to tell yet.
  • The way I see it, this has little to do with security and is more of a developer relations boon. Google Product Managers can have one opinion and I can have another :)
  • A step taken towards the death of "install from unknown sources".
  • What a shame, one can only hope that someday a true free and open GNU/Linux mobile OS emerges.
  • YES! That would be a perfect world!
  • I'm eagerly waiting for Librem 5 phone. As long as the battery can last me whole day, I'm buying it. It's $600 and will be released in January next year.
  • https://puri.sm/posts/librem5-smartphone-makes-major-strides-in-manufact...
  • You mean like AOSP?
  • Omg that'd be the day I die cause I'd love it so much! Please someone, make this reality!
  • That's my take on it.
  • I don't see why that would be the case. Installing from unknown sources just means you are installing an APK file that you got somewhere other than the Play Store. I don't see why a third party source couldn't have a signed APK and still distribute it outside of the Play Store.
  • It means you can't watch free movies or get free paid games. Might as well just get iPhone then?
  • Yeah, paying developers for their work, why do that.
  • APKs from outside the play store already have to be signed, you've either not read the article or misunderstood what it's about.
  • This is just the groundwork for the abuse to happen. Get everyone used to the Idea and then Whammy us when there is no other choice out there..
  • If you have "hope" that google and devs will use this for the right reasons then you're plain stupid!
  • This.
  • #factsmatter
  • I don't know... DRM feels like thrall to me. I'm all for restrictions to a point, but when DRM has ever been involved it just feels like subjugation.
  • Yeah exactly. I remember when this was built upon an open source project with the freedom to not be married to the OEM. I see no reason to avoid being herded to the apple market with more solid hardware. You can justify it however you want, but DRM is exactly the reason I didn't marry myself to the iPhone platform. If all I want is a platform with predictable performance and I do not weigh DRM Nazism, I would have just done that to begin with. Next we'll see them close the gap for side-loading apps altogether.
    It seems google thinks we're too invested in their Play market to jump ship. Not at all google. I'll drop you in a heartbeat if I think my privacy needs are better suited in the other market.
  • Did you seriously just use the phrase DRM Nazism?
  • How about DRMcommunism? Or how about DRMsocialism?
  • I'm hopeful {Please submit a longer comment (min 3 words).}
  • I think there are some misconceptions here. "Earlier this week, Google quietly rolled out a feature that adds a string of metadata to all APK files (that's the file type for Android apps) when they are signed by the developer."
    The new metadata is only there for apps distributed via Google Play or other "Play-approved distribution channels", not all APK files. "Google says it did this for two reasons — the first is a little worrisome, and it's to allow developers more control over how their apps are used."
    This does not enable developers more control over how their apps are used in any way, and Google doesn't even say so. The only thing this does is add metadata to an APK distributed via Google Play such that it can be recognized as coming from Google Play even when it's sideloaded. This means that an APK that you sideloaded but which was originally from Google Play will be recognized as such on your phone so the app will be added to your library and the app will become eligible to updates from the Play Store even though the app was sideloaded. This metadata is added during the publishing process (and we know this because no action is required by developers for this change). Developers have no say in this. And even if they did, this does not at all give them more control over how their apps are used. Why, because apps can already find out if they were sideloaded, so developers who want to restrict their app when it's sideloaded can already do that and this changes nothing about that. What this does is give developers more control over how they distribute their app, as they can distribute their app as an APK with the new metadata via other channels if they wish, or as an APK without the new metadata if that's what they prefer. This said, I disagree with the notion that developers having more control over how their app is used would be a bad thing. It's their app so they get to decide. Anything else smells like entitlement to me. Don't like a developer's policy, don't use their app. But I realize this may be an unpopular opinion in some places. "You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them."
    Digital signing of applications is a pretty low bar for something to be called "DRM". Even so, under this perspective there has already been DRM the whole time because apps being signed is nothing new, so nothing has changed there. "And eventually, your phone will run a version of Android that won't be able to install apps without it."
    Says who? I get the potential for Google to do this is there but then again they could already restrict sideloading of apps if they wanted to. It is true that this could enable them to limit sideloading of apps to apps that are from Google Play. But would they really want to? The small amount of apps that are sideloaded instead of installed via Google Play is probably not worth the hassle, especially for the outcry in return. Instead, sideloaded apps that do not come from Google Play could be met with an additional warning during installation. Of course, I concede I could be wrong about this. Still, the way I see it, this measure per se is beneficial. There is potential for abuse by Google but then again, there already is plenty potential of that even without this. If Google chooses to abuse this, then the way they choose to abuse it will be the problem and not this specific measure.
  • This comment appears to have been researched more thoroughly than the article it is in response to. Great job! Maybe you can have Jerry's spot on the writing staff.
  • Bravo.
  • "This does not enable developers more control over how their apps are used in any way" "It is true that this could enable them to limit sideloading of apps to apps that are from Google Play. " "And eventually, your phone will run a version of Android that won't be able to install apps without it." Says who? It's added through the mandatory APK Signature scheme when an app is signed. You can't install apps that are unsigned (normally). You can't install apps that aren't signed through a valid version of the signing scheme. When the minimum version becomes 2.1(? whichever version is coming "soon") you will not be able to install apps without this new metadata included. ""You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them." Digital signing of applications is a pretty low bar for something to be called "DRM". Even so, under this perspective there has already been DRM the whole time because apps being signed is nothing new, so nothing has changed there." Nothing has changed except for the APK Signature Scheme, that is. The part that now adds DRM. "Still, the way I see it, this measure per se is beneficial. There is potential for abuse by Google but then again, there already is plenty potential of that even without this. If Google chooses to abuse this, then the way they choose to abuse it will be the problem and not this specific measure." Which is exactly what the article says.
  • "you will not be able to install apps without this new metadata included."
    This is just an assumption you make and I think it is wrong for several reasons. One being that the change to include the security metadata is being rolled out right now without developer intervention while a new APK Signature Scheme would require a new Android version. The other is that the current APK Signature Scheme is flexible enough to support this already without needing a new version. There is no mention anywhere of a new scheme version coming for this. Check out the "format" section in the site about the APK Signature Scheme. There is no limit to the size of the "sequence of uint64-length-prefixed ID-value pairs" that is mentioned there. That's where the new metadata will most likely go, in fact this is strongly hinted at by Google: "We're adjusting Google Play's maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block" - Well, guess what the APK Signing Block is, it's exactly where the sequence of value pairs goes. This also maintains backwards compatibility, see this detail: "ID-value pairs with unknown IDs should be ignored when interpreting the block." Even if this change was actually accompanied by a new signature scheme version, what you say would not necessarily be true: "you will not be able to install apps without this new metadata included". This assumes that the new signature scheme would have a data block somewhere that mandates specific content, namely the Google Play security metadata, without allowing different contents for that block, e.g. security metadata for apps without Google Play distribution and certification. I think you're trying way too hard for the whole "DRM" angle but you're basing it mostly on assumptions that do not make that much sense anymore when you look at them in detail.
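The signing-block layout quoted in the comment above, as an added example (not part of any comment, the article, or Google's code): a Python parser that locates the APK Signing Block in front of the ZIP central directory, walks its uint64-length-prefixed ID-value pairs, and skips IDs it does not know. The sample APK and the ID `0x0BADF00D` are constructed for illustration; `0x7109871a` is the APK Signature Scheme v2 block ID.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"
EOCD_SIG = b"PK\x05\x06"
V2_SCHEME_ID = 0x7109871A   # APK Signature Scheme v2 block ID
EXTRA_ID = 0x0BADF00D       # constructed ID standing in for metadata this parser does not know
KNOWN_IDS = {V2_SCHEME_ID: "APK Signature Scheme v2"}


def find_central_directory(apk):
    """Return (eocd_offset, central_directory_offset) read from the ZIP EOCD record."""
    eocd = apk.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("no ZIP End of Central Directory record")
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    if cd_offset > eocd:
        raise ValueError("central directory offset points past the EOCD")
    return eocd, cd_offset


def parse_signing_block(apk):
    """Return every (ID, value) pair in the APK Signing Block, in file order."""
    _, cd = find_central_directory(apk)
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        raise ValueError("no APK Signing Block before the central directory")
    (size,) = struct.unpack_from("<Q", apk, cd - 24)
    start = cd - size - 8     # the leading size field is not counted in `size`
    if size < 24 or start < 0:
        raise ValueError("implausible block size")
    if struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("leading and trailing size fields disagree")

    pairs, pos, end = [], start + 8, cd - 24
    while pos < end:
        if end - pos < 12:
            raise ValueError("truncated ID-value pair header")
        (length,) = struct.unpack_from("<Q", apk, pos)
        pos += 8
        if length < 4 or length > end - pos:
            raise ValueError("pair length overruns the block")
        (pair_id,) = struct.unpack_from("<I", apk, pos)
        pairs.append((pair_id, apk[pos + 4:pos + length]))
        pos += length
    return pairs


def classify(pairs, known=KNOWN_IDS):
    """Split pairs into those this parser understands and the IDs it ignores."""
    understood = [(known[i], v) for i, v in pairs if i in known]
    ignored = [i for i, _ in pairs if i not in known]
    return understood, ignored


def build_sample_apk():
    """Constructed sample: a tiny ZIP with a signing block spliced in before the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
    raw = buf.getvalue()
    eocd, cd = find_central_directory(raw)

    def pair(pair_id, value):
        # uint64 length covers the uint32 ID plus the value bytes
        return struct.pack("<QI", 4 + len(value), pair_id) + value

    body = (pair(V2_SCHEME_ID, b"constructed-v2-signer-data")
            + pair(EXTRA_ID, b"constructed-extra-metadata"))
    size = len(body) + 8 + 16
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + MAGIC

    # The central directory moves back by len(block); update the EOCD to match.
    fixed_eocd = bytearray(raw[eocd:])
    struct.pack_into("<I", fixed_eocd, 16, cd + len(block))
    return raw[:cd] + block + raw[cd:eocd] + bytes(fixed_eocd)


if __name__ == "__main__":
    understood, ignored = classify(parse_signing_block(build_sample_apk()))
    for name, value in understood:
        print(f"understood: {name} ({len(value)} bytes)")
    for pair_id in ignored:
        print(f"ignored unknown ID 0x{pair_id:08x}")
```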
  • It boils down to what Google intends to do with Android.
    The release of Nexus phones then Pixels leads me to believe Google thinks some phone manufacturers are not showing their products in the best light.
    Google may be jealous of the control Apple has over iOS and is looking to clean up the mess that is Android a little bit at a time.
  • This may be it or at least play some part... One step of many to "tighten things up" a bit.
  • To me it seems a small step in trying to get more control - unknown sources - was the first thing that came to mind. Personally I still freak out over bloatware and having system level access for updates, possibly bypassing Google Play policies. And then we can go into Analytics. That may be the final goal - taking baby steps to get there. Dunno.
  • Android isn't a "mess" it's iOS that is a mess now. Android is about freedom to do whatever you want with your phone. Google is just tightening up Android to make it more secure. I just hope Google doesn't eventually block us from downloading apps from outside the Play Store like ShowBox.
  • I like Android, I like choice but even you can't deny it's fragmented and hampered by bad UIs.
    Why do you think Android One exist?
  • Yes fragmentation is Android's Achilles heel I'll admit that but that's not Google's fault, it's the fault of Samsung, LG, HTC, etc with their bloated UIs. And you're right Android One exists for that reason.
  • How is not allowing packages to be installed unsigned considered DRM? You can't do this in a Linux OS either, at least not by default. Not with disabling key checking in your package manager config. If this is DRM, then all Linux distributions use DRM.
  • That's not what the article is about. Did you read it?
  • $ tar -xzf myapp.tgz
    $ chmod ugo+x myapp
    $ ./myapp
    Not a single signature in the process and all Linux OSes can do this, out of the box. So I have no idea what you are talking about.
  • Does someone know if Apple does the same?
  • Apple does much more. You cannot sideload at all on an iDevice, and every app has true DRM.
  • You definitely can't sideload, but you can definitely install third party IPAs. I've been doing that for the past few months! It's not difficult whatsoever and all you need to do is look in the right places...
  • Unfortunately with the rise of malware this had to happen. I don't have a huge issue with this per se.
  • How can 'P2P' app sharing limit your data usage for acquiring said app? If an app is 2MB, you're gonna download 2MB to have it, regardless where you source that 2MB data stream from. In fact I would hazard a guess that using P2P means for app sharing means MORE data usage, not less, because after download you're now sharing to the rest of the P2P crowd. I believe that premise of this article is extremely flawed and full of misinformation. At least from the Play Store you download your package and you are done with it. Now if you meant 'sideloading an app from well known online APK repositories' well that's both completely different from 'P2P' sharing like BitTorrent, and would actually see some data usage reduction as you'd download from a different (hopefully uncapped) internet connection and load that APK on to your phone by cable. I would also have to say that the latter, not the former, is the most obvious reason to include DRM. To give the app developer a closer view into if a specific install of their app was actually purchased, or was 'acquired' by sideload without payment.
  • I could compress an app down to about 10% of its original size in some cases. In this process I can send it to you in an email. From there you can uncompress the original and run from there.
  • I assumed the P2P options were more like a local LAN network that didn't require internet access -- such as a local Bluetooth transfer. Then it would make sense.
  • Precisely. P2P that traverses unmetered connections (i.e. the F-Droid offline app sharing model) doesn't cost a dime, no matter how big the APK package is.
  • I think what Google is doing is right. As long as they don't block us from installing apps from outside the Play Store like ShowBox then I'm fine with Google adding DRM to apps.
  • Not soon but they will eventually stop things like showbox etc being installed I think, seems to me this is the first step to taking control of Android.
  • When things like ShowBox are stopped, then Android will have become as boring as iOS. Google can still take control of Android by keeping what makes us choose Android instead of an iPhone. If Google goes down this route, they might as well be iOS complete with the boring grid of icons. I didn't come back to Android only for Google to turn Android into iOS.
  • Show box is a free “pirated” movie streamer. So if Android pulls the plug on something that shouldn’t exist, you’re gonna compare it to Apple? Wow.
  • And you can't see how this heavy-handed policy could easily be used to wipe out open source repositories like F-Droid using the same logic? It hosts Bittorrent which can definitely be used for piracy. Hell, they also host web browsers which can also be used for piracy. Might as well lock down Google's own Drive app as well. Do you know how much pirated content is there in semi-private storage? There's even a subreddit devoted to this.
  • This is bad. It's always bad. Never good. More freedoms being taken away as they tighten the screws on us. Just like our government is doing. As usual this will benefit Google only, and hurt everyone else. Even the app developers. That's how it always is. Greed, and the lust for power know no bounds. Orwell wasn't anyone special. He just understood human nature better than most.
  • Symbian Signed has returned.
  • I love how Google is so blindly pushing people to iOS by removing all that makes Android better. I'm already NOT updating any of my phones to Android Poop and by the looks of it, I'm more and more likely not buying any more Android phones going forward. For a locked down, uncustomisable, dumbed down OS, I rather just go to iOS altogether.
    Or maybe the folks at Jolla will expand their OS to other Android phones.
  • Basically: "I have these small grievances specifically, therefore Google is doomed and Android is dead" Calm it down there Chicken Little. Have a drink. It's not even remotely the end of the world.
  • Some of you people fail to understand that not everyone gives a sh*t about Google services. We picked Android for other reasons. In my case it was the ability to fully customise everything (something sh*t stock Android doesn't allow and Google keeps making harder everywhere) and solve problems like sideloading apk's because of idiotic geo-restrictions or to do something as simple as downgrade an app when a developer screws up an update. And I didn't say Android is dead (though Google is in dire need of being broken up by regulators). I said that Google is making Android sh*ttier by the day and removing the reasons why many people chose it in the first place. Got it now, Pinky?
  • If any skins of Android is sh*t it's Samsung's bloatware mess and abominable of Android which ruins Android and is disgrace to Android. Stock Android may not have the gimmicks masquerading as features like Samsung, you can swap a launcher and get 90% of the customisation options that you can get with your precious Samsung. And to use your quote, not everyone gives a sh*t about Same services either.
  • We know you don’t like Samsung, but this has absolutely nothing to do with them or LG etc so stop spouting rubbish.
  • I'm not spouting rubbish, slapping a launcher on a Pixel gets you 90% of what you can do on Samsung or any other non Pixel phone. Let Samsung lover DJCBS speak for himself. I don't have a problem with Samsung, as such, I don't like their software and yes they're not my favourite OEM either.
  • Well, not everyone likes the pixel and thinks stock android is rubbish. We don’t have a problem with android, just we don’t like the software. And who they use as vendors aren’t our favorite OEM’s either.
  • Or maybe, just calm down a bit.. :)
  • Same answer as above.
  • It's difficult to read the tea leaves on this one, some see Doom and gloom and some see a silver lining. We just need to remember that Google's Android is not a free system, Google has to answer for any bad stuff that happens to it. So this is surely part of a plan to secure their ecosystem. And I think those who wanted to go to iOS will eventually do so no matter what Google does or doesn't do.
  • Well "Android" is open source. So if Google somehow mess it up, any other company or community could just fork it and make it right.
  • Yes if you don't need an app store or any Google services.
    Ask ZTE how easy this is!
  • To be fair, China already has many homegrown domestic services that closely mimic Google's. To think that nothing could ever replace them is being naive. Even open source projects like Nextcloud and microG make migrating away from Google to alternatives possible for those that care to go that route.
  • Yes possible but not easy.
    It's naive to think it is.
  • My biggest concern with this is older apps that haven't been updated in years but still work fine. They probably won't be updated and therefore won't work on devices running a future version of Android that requires apps have DRM. I use a Mileage app that hasn't been updated since 2012. It still has the 3 dots menu in the navigation bar that brings up the menu that used to be accessed by the pre-Ice Cream Sandwich "Menu" button. I doubt that app will be updated.
  • Google, don't make the mistake of removing what makes Android great. I don't want to have to go back to iPhones. I hope faith the Google won't close off Android altogether by blocking us from downloading apks from outside the Play Store. That's my biggest concern. I just hope my faith in Google isn't misplaced.
  • Going back to the iPhone is not an upgrade.
  • I agree going back to iPhones is a downgrade.
  • Why would going back to an iDevice threaten Google in the slightest? You'd still be using their services on that phone. If you really wanted to cut them off cold turkey, you'd opt for a phone like the Librem 5 instead.
  • I didn't know that you needed to have seem to track version number. I thought all you needed to do was update it manually. Times have changed. Apparently it's a new DLC.
  • Oh greaaaat! If Google makes it to where I CAN'T use my Amazon apps in the future, I'm going to switch over to a Windows tablet, because at that point Google will be utter bantha fodder! C'mon Google, what's the point of having the ability to install from Unknown Sources if in the semi-near future you're going to make it to where you need a DRM code built into an app before your phone even launches it? That automatically rules out ANY sort of "Unknown Sources" apps like Amazon's appstore! The reason why I use Android anyway is because there's more than one appstore. If you take that away from us, you're just as bad as Apple! Well, at least we'll still have the ability to root our devices, UNLESS GOOGLE TURNS EVIL AND TAKES THAT AWAY FROM US AS WELL.
  • Oh my God. The whole reason I stayed away from Apple....and here we go. I guess this is gonna totally screw you into not being able to save APKs and roll back an update to a previous version by side loading.
  • Nah, because we have the custom rom community
  • Although open source Android is totally Google's due to the software and app store Google owns.
  • "Google added this metadata so you can buy an app from any approved distributor and it will work with Google Play Store features like family library and subscriptions." So it will be possible to get paid apps for free from the Amazon Underground app store and update it through Google Play?
  • Yes. That's exactly what this is doing right now. I get that we need to worry about how it could be abused, because I am, too. But today, right now, the reason for this is not a bad one.
  • Won't this prevent us from downloading apps from a 3rd party?
  • Not really. You just lose certain perks like having the Play Store automatically update your sideload app, eligibility for Family Library, and subscriptions. But if you're fine manually updating those apps, I don't see why Google would care. Google Play Protect even scans sideloaded apps for known malware, so the security aspect of sideloading is mostly taken care of. Then again, that assumes your device actually has Google Play Services active to take advantage of that protection. If it doesn't, you're entirely responsible for any malicious app that takes up residence in your device.
  • So if my Internet connection is garbage, then this isn't bad because I could get my APKs from somebody on a USB stick or something? Yay.
  • DRM is not "evil".
    Much like a car, the owner has to use a key.
    If no keys were needed for a car, good luck, everyone would "borrow" it.
    Human nature being what it is, if authentication was not needed, software just gets passed around freely.
    Hmmm, kind of like immigration, but that is for another board......
  • Will this force us to keep our apps updated?
  • Another writer over at engadget seems to think so... "Simultaneously... well, it's DRM. As with media services, there's the potential for companies to use DRM to determine how and when you use their apps. It might be difficult or impossible to tinker with an app (say, to remove ads) without stripping the DRM. There's also the chance that a developer could force you to move to a newer version of an app by altering the metadata and preventing you from installing earlier versions that you might prefer. As good as this may be for mobile app security, it's possible that developers will misuse this to exert more control over how you use their software." https://www.engadget.com/2018/06/24/google-adds-security-drm-to-android-...
  • That's just baseless speculation on wrong assumptions, namely that developers can change anything about this metadata but they cannot as it's added by the Google Play publishing process. So no, this does not force anyone to keep their apps updated.
  • No, it will not. No more than developers can already do this (e.g. by turning off access to their servers and APIs for older versions).
  • I’m on the fence here with this. Part of me says they are doing what is necessary, but the other part is saying abuse is coming with a five finger death punch. Let’s all cool our jets for now and wait and see.