Google designs foundation for secure offline app distribution

BY LEAH WILLIAMS
Posted on AUG 01, 2019

The verification initiative is part of a wider objective towards improving app security international users.

Google will introduce the integration of security metadata to Android application packages (APKs) distributed through Google Play. Users with restricted internet access will have the ability to verify peer-to-peer app sharing legitimacy.

The update is targeted towards limited internet users in areas where mobile data is at a premium, either due to price or availability, which leads to APKs being frequently shared peer-to-peer.
"One of the reasons we're doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity," noted James Bender, Product Manager at Google Play.

While offline, the authenticity of apps obtained through Play-approved distribution channels can be determined.

According to Google, the update includes a new date-based version scheme, for entering a "Service address" that will be "sent to emergency services if you dial an emergency number."

Bender further explained,"In the future, for apps obtained through Play-approved distribution channels, we'll be able to determine app authenticity while a device is offline, add those shared apps to a user's Play Library, and manage app updates when the device comes back online. This will give people more confidence when using Play-approved peer-to-peer sharing apps."

Google says that developers will actually benefit from the change, as apps shared peer-to-peer in areas with poor connectivity can now be kept up to date by the Play Store.