The Google Play store is receiving yet another ghost update where-in there’s a significant boost in version upgrade but there aren’t any visible changes in the app. The new update bumps the Play store version to 7.7.17 from the previous 7.7.09, and it now uses Android O APIs as well.
We took a ride into code of the new Play Store and found some really interesting changes in regards to security for apps installed from unknown sources. Have a look:
New APK verification checks and warnings
The new Play Store version has a long list of app verification checks and warnings. And this reflects in the amount of time it now takes to install an APK file of any as compared to previous versions of the Play Store.
The Play Store will now block and notify you of all known bad behavior of apps like the following:
<string name="verify_apps_block_backdoor">This app lets hackers control your device, giving them unauthorized access to your data.</string> <string name="verify_apps_block_commercial_spyware">This app can be used to spy on you.</string> <string name="verify_apps_block_ddos">This app can be used to perform denial of service attacks against other systems and resources.</string> <string name="verify_apps_block_generic_malware">This app can damage your device, add hidden charges to your mobile bill, or steal your personal information.</string> <string name="verify_apps_block_harmful_distribution">"This app is being installed by another app that's known to be harmful."</string> <string name="verify_apps_block_hostile_downloader">This app can download potentially harmful apps.</string> <string name="verify_apps_block_phishing">This app is fake. It can steal your personal data, such as passwords.</string> <string name="verify_apps_block_privilege_escalation">This app can permanently damage your device or cost you money.</string> <string name="verify_apps_block_ransomware">This app can restrict access to your device until a sum of money is paid.</string> <string name="verify_apps_block_rooting_malware">"This app contains code that attempts to bypass Android's security protections."</string> <string name="verify_apps_block_sms_fraud">This app can add charges to your mobile bill by sending costly SMS messages without informing you first.</string> <string name="verify_apps_block_spam">This app can be used to flood targeted tablets, PCs, and mobile phones with messages.</string> <string name="verify_apps_block_spyware">This app can spy on you by sending your personal data to unauthorized parties.</string> <string name="verify_apps_block_trojan">This app is fake. It can damage your device and steal your data.</string> <string name="verify_apps_warn_backdoor">This app lets hackers control your device, giving them unauthorized access to your data.</string> <string name="verify_apps_warn_call_fraud">This app can add charges to your mobile bill by making costly calls without informing you first.</string> <string name="verify_apps_warn_commercial_spyware">This app can be used to spy on you.</string> <string name="verify_apps_warn_data_collection">This app can collect data that may be used to track you.</string> <string name="verify_apps_warn_ddos">This app can be used to perform denial of service attacks against other systems and resources.</string> <string name="verify_apps_warn_generic_malware">This app can damage your device, add hidden charges to your mobile bill, or steal your personal information.</string> <string name="verify_apps_warn_harmful_distribution">"This app is being installed by another app that's known to be harmful."</string> <string name="verify_apps_warn_harmful_site">This app comes from a website that distributes potentially harmful apps.</string> <string name="verify_apps_warn_hostile_downloader">This app can download potentially harmful apps.</string> <string name="verify_apps_warn_non_android_threat">This app can harm non-Android devices.</string> <string name="verify_apps_warn_phishing">This app is fake. It can steal your personal data, such as passwords.</string> <string name="verify_apps_warn_privilege_escalation">This app can permanently damage your device or cost you money.</string> <string name="verify_apps_warn_ransomware">This app can restrict access to your device until a sum of money is paid.</string> <string name="verify_apps_warn_rooting">"This app contains code that attempts to bypass Android's security protections."</string> <string name="verify_apps_warn_sms_fraud">This app can add charges to your mobile bill by sending costly SMS messages without informing you first.</string> <string name="verify_apps_warn_spam">This app can be used to flood targeted tablets, PCs, and mobile phones with messages.</string> <string name="verify_apps_warn_spyware">This app can spy on you by sending your personal data to unauthorized parties.</string> <string name="verify_apps_warn_toll_fraud">This app can add charges to your mobile bill without asking you first.</string> <string name="verify_apps_warn_trojan">This app is fake. It can damage your device and steal your data.</string> <string name="verify_apps_warn_uncommon">This app can harm your device, add unwanted charges to your mobile bill, or expose your personal information.</string> <string name="verify_apps_warn_windows_malware">This app can harm a device running Windows.</string>
Also, if you install an app by APK file when there’s no internet connection on your device. The Play store will now verify that app when internet connection back on your device. The following code reveals this info:
<string name="verify_app_install_offline">Security scan will run when next online</string> <string name="verify_app_install_scanning">Verify apps is scanning...</string> <string name="verify_app_no_issues_found_banner">No issues were found</string>
Block App updates from unknown sources
Play Store will now notify users when apps are updated by unknown sources. This includes apps which install updates directly from their own servers, not Play Store.
<string name="speedbump_settings_description">Notify when apps are updated by unknown sources</string> <string name="speedbump_settings_label">Protect my updates</string>
More reference of the feature:
<string name="package_speedbump_banner">Update is from an unverified source.</string> <string name="package_speedbump_dialog_description">You installed this app from %1$s. %2$s is trying to update it. If you install this update, the app or your device might not work properly.</string> <string name="package_speedbump_dialog_detailed_description">Updates that come from unverified sources could cause your device or apps to behave unpredictably. To keep your device stable, install updates from the same app store where you got the app from.</string> <string name="package_speedbump_dont_update_text">"DON'T UPDATE"</string> <string name="package_speedbump_headsup_action_view_app">VIEW APP</string> <string name="package_speedbump_headsup_description">"You'll still get verified updates from %1$s"</string> <string name="package_speedbump_headsup_title">Unsafe update blocked</string> <string name="package_speedbump_install_anyway">Install anyway</string>
Auto update assist in My Apps
There is mention of auto update assist for the My Apps section on Play Store. This will probably bring Auto update toggle to the My apps section in the app.
<string name="myapps_auto_update_assist_enable_button">TURN ON</string> <string name="myapps_auto_update_assist_enabled_toast">Auto-update is turned on</string> <string name="myapps_auto_update_assist_enabled_toast_undo">Undo</string> <string name="myapps_auto_update_assist_message">Updates bring you the best new features. We will only update apps over Wi-Fi.</string> <string name="myapps_auto_update_assist_title">Keep your apps up-to-date</string>
Play Store widget has gone
The old little 2 x 2 Play Store widget which used to give suggestions (one-by-one) for apps and games, has now gone. The Play Store now only has two widgets: ‘Play – My Library’ and ‘Play Recommendations’.
We’ll keep digging for more info on these new features on the Play Store. As it seems, not all of these new features are implemented in the Play Store yet, some of these could be Android O specific features that might go live with the Android O Developer Preview 2 release.
Those of you who haven’t received the new Play Store update yet (v7.7.17), can grab the APK file from our downloads page below:
Discussion