Google is adding DRM to all Android apps, but it's for the right reasons

Earlier this week, Google quietly rolled out a feature that adds a string of metadata to all APK files (that's the file type for Android apps) when they are signed by the developer. You can't install an application that hasn't been signed during its final build, so that means that all apps built using the latest APK Signature Scheme will have a nice little chunk of DRM built into them. And eventually, your phone will run a version of Android that won't be able to install apps without it.

What the hell? DRM? Why?

DRM is why Netflix used to only work on approved phones. But it doesn't have to be used for evil.

We can relax (for now). We all hate DRM (technically, Digital Rights Management) because of the way developers and publishers have abused it. DRM means you are being treated like a thief before you buy any software. A great example is having to install the Origin client, and let it regularly check in online, to run any game published by EA.

EA doesn't trust that we paid for the software title, so it forces us to present our papers when demanded. PC gaming is rife with DRM, and applications like Steam or Uplay exist for the very same reason. Other examples come from Sony, Disney, EMI, and every other entertainment publisher that decides where in the world you are allowed to listen to music or watch a movie that you paid for, or how many times you are allowed to do so.

So DRM is bad to the core. But not really. DRM is simply a way for a developer or publisher to keep track of software versions and authenticity. Sometimes you need to do that for the right reason.

As of now, Google's reason is right. That doesn't mean the company can't change its tune and go all-out crazy (like EA) in the future and limit how, where, when, and why we can use the apps we paid for, but for now everything is good. Google added this metadata so you can buy an app from any approved distributor and it will work with Google Play Store features like Family Library and subscriptions.

Apps have to be "signed" to verify their contents. Adding metadata to this signature ensures we will have DRM in every app eventually.

Android can read the metadata automatically inserted into an app and verify that it's a legitimately sourced version and approved for use by the developer. If it passes these checks, it is added to your Google Play Store library. You'll be able to update through Google Play, use things like Google Play Games for leaderboards and achievements, or share an app with people in your Family Library. And the developer can change the metadata at any time with a new signing key, which ends support for the current version and creates a new listing in Google Play.
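To see where such metadata lives, here is an added example (not from the article or from Google) that lists the ID-value pairs in an APK's Signing Block. The layout it parses comes from Android's APK Signature Scheme v2 documentation rather than from this article; the sample file and the ID `0x12345678` are constructed placeholders.

```python
import struct

MAGIC = b"APK Sig Block 42"          # last 16 bytes of the APK Signing Block
EOCD_SIG = b"PK\x05\x06"             # ZIP End of Central Directory signature
KNOWN_IDS = {0x7109871A: "APK Signature Scheme v2",
             0xF05368C0: "APK Signature Scheme v3"}

def signing_block_entries(apk: bytes):
    """Return [(id, value)] pairs from the APK Signing Block ([] if none).
    This only lists the pairs; it does not verify any signature."""
    eocd = apk.rfind(EOCD_SIG)
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("no ZIP End of Central Directory record")
    (cd_offset,) = struct.unpack_from("<I", apk, eocd + 16)
    # The block, when present, ends right where the Central Directory begins.
    if cd_offset < 32 or apk[cd_offset - 16:cd_offset] != MAGIC:
        return []
    (size,) = struct.unpack_from("<Q", apk, cd_offset - 24)
    start = cd_offset - size - 8     # leading size field is not counted in size
    if size < 24 or start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("malformed signing block: size fields disagree")
    pos, end, entries = start + 8, cd_offset - 24, []
    while pos < end:
        if pos + 12 > end:
            raise ValueError("truncated ID-value pair")
        length, block_id = struct.unpack_from("<QI", apk, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("ID-value pair overruns the block")
        entries.append((block_id, apk[pos + 12:pos + 8 + length]))
        pos += 8 + length
    return entries

def describe(apk: bytes):
    """Label each pair; unknown IDs are where extra metadata would sit."""
    return [(f"0x{i:08x}", KNOWN_IDS.get(i, "unrecognised"), len(v))
            for i, v in signing_block_entries(apk)]

def build_sample() -> bytes:
    """Constructed input: skeletal ZIP with a v2 pair and a placeholder pair."""
    pairs = b"".join(struct.pack("<QI", 4 + len(v), i) + v for i, v in
                     ((0x7109871A, b"v2-signer-data"), (0x12345678, b"store-metadata")))
    size = len(pairs) + 24           # pairs + trailing size field + magic
    block = struct.pack("<Q", size) + pairs + struct.pack("<Q", size) + MAGIC
    body = b"PK\x03\x04" + b"\x00" * 26   # stand-in for the ZIP entries
    eocd = EOCD_SIG + struct.pack("<HHHHIIH", 0, 0, 0, 0, 0, len(body) + len(block), 0)
    return body + block + eocd

if __name__ == "__main__":
    for row in describe(build_sample()):
        print(row)
```

Run against a real APK's bytes, any pair reported as unrecognised is data carried alongside the signature scheme blocks, which is the kind of place added metadata would appear.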

Google says it did this for two reasons — the first is a little worrisome, and it's to allow developers more control over how their apps are used. There is certainly potential for abuse there, but we have to wait and see if any developers get any bad ideas. The second is straight out of left field for most of us — many people live where data isn't affordable and available, so they share apps using peer-to-peer distribution channels. That doesn't mean these people are stealing apps. It means they can pay through a portal then use a peer-to-peer network to get their copy using as little data as possible.

Developers want us all to have access to the apps they create. More downloads mean more exposure and more income via sales or ad revenue. That's what app developers want.

Google may be using a fancy set of words to disguise the fact that Android apps will soon all have DRM inserted in a way that's difficult to remove, and that eventually your phone will need to be able to read it to install them. That's smart — it kept the internet from erupting in a frenzy of pitchforks and furor normally reserved for loot boxes or Comcast.

But it is DRM, and Google has very good reasons to be adding it. Let's all hope that everyone involved doesn't get any ideas about abusing it.

Jerry Hildenbrand
Senior Editor — Google Ecosystem