Google Marks APKs Distributed by Google Play

Google this week announced that it is adding a small amount of security metadata on top of APKs distributed by Google Play in order to verify their authenticity.

Initially announced in December 2017, the new change is designed to verify product authenticity from Google Play and is accompanied by an adjusted Google Play maximum APK size to take into account the small metadata addition.

The metadata is meant to work much like the official labels or badges that manufacturers place on physical products to mark their authenticity. It will serve as Play’s badge of authenticity for all Android apps distributed through the official marketplace.

“One of the reasons we’re doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity,” James Bender, Product Manager, Google Play, says.

According to Bender, the new “badge” will help determine the authenticity of apps obtained through Play-approved distribution channels when the device is offline. These shared apps will be added to a Play Library, and app updates can be managed once the device has connectivity.

“This will give people more confidence when using Play-approved peer-to-peer sharing apps,” he notes.

Developers are also expected to benefit from this change, not only because a Play-authorized offline distribution channel will be available for them, but also because, once the peer-to-peer shared apps are added to the Play library, they become eligible for updates from Play.

Google says no action is required from the developers or from the users of their applications. The small metadata addition is inserted into the APK Signing Block and is expected to improve the integrity of Google Play’s mobile app ecosystem.
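
The APK Signing Block mentioned above is a container of ID-value pairs that sits immediately before the ZIP Central Directory. As an added example (not from Google or the original article), the following Python code enumerates those pairs so that any entry beyond the signature scheme is visible; the sample file and the ID 0x12345678 are constructed for illustration.

```python
import struct

MAGIC = b"APK Sig Block 42"                         # trailer of the APK Signing Block
KNOWN_IDS = {0x7109871A: "APK Signature Scheme v2"}  # other IDs are reported as unknown

def central_directory_offset(apk: bytes) -> int:
    # The End of Central Directory record is 22 bytes plus a comment of up to 65535 bytes.
    pos = apk.rfind(b"PK\x05\x06", max(0, len(apk) - 22 - 0xFFFF))
    if pos < 0 or pos + 22 > len(apk):
        raise ValueError("no ZIP End of Central Directory record")
    (offset,) = struct.unpack_from("<I", apk, pos + 16)
    if offset > pos:
        raise ValueError("central directory offset points past the EOCD")
    return offset

def signing_block_entries(apk: bytes) -> list:
    """Return [(id, value)] for each ID-value pair; [] if the APK has no signing block."""
    cd = central_directory_offset(apk)
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return []
    (size,) = struct.unpack_from("<Q", apk, cd - 24)
    start = cd - size - 8              # the leading size field is not counted in `size`
    if size < 24 or start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("inconsistent APK Signing Block size fields")
    entries, pos, end = [], start + 8, cd - 24
    while pos < end:
        if pos + 12 > end:
            raise ValueError("truncated ID-value pair")
        length, entry_id = struct.unpack_from("<QI", apk, pos)
        if length < 4 or pos + 8 + length > end:
            raise ValueError("ID-value pair overruns the signing block")
        entries.append((entry_id, apk[pos + 12:pos + 8 + length]))
        pos += 8 + length
    return entries

def build_sample_apk(pairs) -> bytes:
    """Constructed test input: signing block + empty central directory + EOCD."""
    body = b"".join(struct.pack("<QI", len(v) + 4, i) + v for i, v in pairs)
    size = struct.pack("<Q", len(body) + 24)
    block = size + body + size + MAGIC
    return block + struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, 0, 0, 0, len(block), 0)

if __name__ == "__main__":
    # 0x12345678 is a made-up ID standing in for an extra metadata entry.
    sample = build_sample_apk([(0x7109871A, b"v2-signers"), (0x12345678, b"extra-metadata")])
    for entry_id, value in signing_block_entries(sample):
        print(f"0x{entry_id:08x} {KNOWN_IDS.get(entry_id, 'unknown'):<24} {len(value)} bytes")
```

Listing the entries only shows that extra data is present; it does not validate any signature over it.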


Beginning in August 2018, developers will need to target API level 26 (Android 8.0) or higher with their new apps. Starting November this year, app updates will have to comply with this requirement as well. Existing applications that don’t receive updates won’t be affected by these changes.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
