Edgar Cervantes / Android Authority
TL;DR
- Google is adding an additional layer of security when installing an APK or updating an app through an APK.
- A PIN or biometric authentication will now be required in certain cases.
- This will be the case for APKs that Google thinks are malicious or didn’t come from the Play Store.
The Play Store has a variety of security tools to protect users from vulnerabilities. Google is now adding yet another layer of security to protect against malicious APKs.
An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
Currently, if the Play Store wants to scan an APK you’re trying to install, a warning will pop up. If users want to bypass this warning, however, they can tap “Install anyway.” This is a problem because it can allow malicious APKs to be installed on your phone.
While digging through the Play Store (version 41.4.19), we found that Google is working on a way to further protect users from malicious APKs. If the Play Store is suspicious of an APK, you’ll now be required to enter a PIN or submit biometric authentication before you’ll be able to install the APK or update an app with it.
The feature isn’t live, but we were able to activate it through a flag. In the image above, you can see what it will probably look like when it does go live.
This isn’t the only feature Google seems to be working on. We also recently reported on finding a feature called “App auto open” that will automatically open apps after installation.