Aiedail

Google Adding DRM to All Apps on the Play Store

Posted · Original Poster

SOURCE: https://android-developers.googleblog.com/2018/06/google-play-security-metadata-and.html?m=1

 

Google just announced that they'd start to add a special string of metadata to all apps on the Play store.

This is not all bad news, Google is reportedly doing this to make offline peer-to-peer distribution safer, as APKs not containing this DRM will not run.

This could potentially also make pirating APKs safer as you wouldn't be able to install potential viruses.

Although there's nothing saying that Google can't turn around and abuse this at a later date.

 

EDIT:

 

This is what Google themselves say about why they're adding this:

 

"One of the reasons we're doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity."


Core I5 8600k @5GHz | Asus Strix OC GeForce GTX 1070 | 2x8 GB DDR4 2666MHz | Fractal Design Define C TG | Fractal Design Celcius S24 | Crucial MX300 525GB SSD | Seagate Barracuda 2TB 7200 RPM HDD | MSI Krait Gaming z370

Link to post

 

A mod will move/delete this unless you fix it ;)


Main Rig:-

Ryzen 7 3800X | Asus ROG Strix X570-F Gaming | 16GB Team Group Dark Pro 3600Mhz | Corsair MP600 1TB PCIe Gen 4 | Sapphire 5700 XT Pulse | Corsair H115i Platinum | WD Black 1TB | WD Green 4TB | EVGA SuperNOVA G3 650W | Asus TUF GT501 | Samsung C27HG70 1440p 144hz HDR FreeSync 2 | Windows 10 Pro X64 |

 

Server:-

Intel NUC running Server 2019 + Synology DSM218+ with 2 x 4TB Toshiba NAS Ready HDDs (RAID0)

Link to post
14 minutes ago, CerberusFlame99 said:

So... how will this work for apps that can't get onto the Play Store? (Niche apps, adult apps, apps still under development, etc.)

No change. This should be for Play Store apps only and Play Store apps distributed through other channels. I think a developer that has an app on the store could even make a separate APK without the DRM to distribute elsewhere. Currently, APKs with no Store affiliation don't get added to your library anyway.

Link to post
2 minutes ago, Trixanity said:

No change. This should be for Play Store apps only and Play Store apps distributed through other channels. I think a developer that has an app on the store could even make a separate APK without the DRM to distribute elsewhere. Currently, APKs with no Store affiliation don't get added to your library anyway.

I'm guessing I just read this wrong then? (Sorry, I'm pretty sleep deprived.) But it seemed to me like he was saying that if it didn't have the DRM, it won't run on the Android operating system...

Quote

This is not all bad news, Google is reportedly doing this to make offline peer-to-peer distribution safer, as APKs not containing this DRM will not run.

 


It doesn't matter who wins and who loses, because in the end, the king and the pawn go into the same box.

Link to post
1 minute ago, CerberusFlame99 said:

I'm guessing I just read this wrong then? (Sorry, I'm pretty sleep deprived.) But it seemed to me like he was saying that if it didn't have the DRM, it won't run on the Android operating system...

 

The source says no such thing though so I think that's an interpretation. I'd imagine XDA would be up in arms if APKs were killed as it'd be a huge blow to the developer community.

 

I think what will happen is that you'll be able to tell if an app is Play Store approved and that it authenticates the app as legit and unchanged. So if you snatch an APK and try to redistribute it either as is or if modified, it'll refuse to run unless approved with the correct metadata string.

 

Link to post
Posted · Original Poster
23 minutes ago, Master Disaster said:

 

A mod will move/delete this unless you fix it ;)

Added a quote for the original article if that was what you were talking about.


Link to post
1 minute ago, Trixanity said:

The source says no such thing though so I think that's an interpretation. I'd imagine XDA would be up in arms if APKs were killed as it'd be a huge blow to the developer community.

 

I think what will happen is that you'll be able to tell if an app is Play Store approved and that it authenticates the app as legit and unchanged. So if you snatch an APK and try to redistribute it either as is or if modified, it'll refuse to run unless approved with the correct metadata string.

 

Hmm. I see what you're saying but I wonder how they would make this work... I'm sure there will just be cracked apps where the DRM is removed just like we do for PC programs and games...


Link to post
1 minute ago, CerberusFlame99 said:

Hmm. I see what you're saying but I wonder how they would make this work... I'm sure there will just be cracked apps where the DRM is removed just like we do for PC programs and games...

Yeah, I imagine you can strip the DRM but then it'll just be like any other APK outside of the Store. This move means you can distribute your app through P2P and when you install it, it'll be added to your library and updated through the store like any other store app. With regular APKs, you'd need to update through a new APK or some other custom method.

This is basically a seal of approval that this app came from the Play Store and can therefore integrate with that and whatever that entails. 

This is a way to distribute Play Store apps through other sources and verifying their authenticity. It should not affect current or future APKs like those you'll find circumventing the Store for various reasons.

Link to post
2 minutes ago, Trixanity said:

Yeah, I imagine you can strip the DRM but then it'll just be like any other APK outside of the Store. This move means you can distribute your app through P2P and when you install it, it'll be added to your library and updated through the store like any other store app. With regular APKs, you'd need to update through a new APK or some other custom method.

This is basically a seal of approval that this app came from the Play Store and can therefore integrate with that and whatever that entails. 

This is a way to distribute Play Store apps through other sources and verifying their authenticity. It should not affect current or future APKs like those you'll find circumventing the Store for various reasons.

Oh okay. So basically it just means that that version of the app has been verified to be unmodified. Basically it's just a retail version of the app?


Link to post
4 minutes ago, CerberusFlame99 said:

Oh okay. So basically it just means that that version of the app has been verified to be unmodified. Basically it's just a retail version of the app?

Sure, I guess. It's kinda like buying a Steam key elsewhere and adding it to Steam I'd say. Not entirely the same but I think the analogy is sound.

You can still get pirated apps elsewhere or get cracked versions elsewhere. In this case, you still have access to the DRM-free GOG store if you want but Steam is the primary platform and you can now get Steam products elsewhere too. That's the gist of what's happening from what I can tell.

Link to post

Yeah, so that crap store apps modified to be clean won't run eh?

But no matter, it can be bypassed with Magisk systemless apps


Awareness is key. Never enough, even in the face of futility. Speak the truth as if you may never get to say it again. This world is full of ugly. Change it they say. The only way is to reveal the ugly. To change the truth you must first acknowledge it. Never pretend it isn't there. Never bend the knee.

 

Please quote my post in your reply, so that I will be notified and can respond to it. Thanks.

Link to post

For fans of their gnu/freedumbs like myself:

 

https://f-droid.org/

 

either way this doesn't seem to be a big issue - yet.

7 minutes ago, huilun02 said:

Magisk systemless apps

Ohhh... that looks interesting


...is there a question here? 🤔

sudo chmod -R 000 /*


Link to post
4 minutes ago, asus killer said:

Isn't this like a contradiction? How do you do P2P offline o.O

You come to my house and use wifi or Bluetooth to transfer the APK to my phone.

 

It's common on devices in places like India and Africa where high quality internet can be challenging.

Link to post

I think Google just needs to better moderate their Play Store. The amount of fake apps and blatant ripoffs is insane.

 

for example of just PUBG on just the first like 4 rows

  • Unknown Battle round Royale
  • Battlelands Royale
  • Grand Battle Royale: Pixel FPS (pixel in this case, meaning basically Minecraft graphics)
  • PIXEL'S UNKNOWN BATTLE GROUND (almost identical to the above)
  • Battle Royale Craft (almost identical to the 2 above)
  • Royale Battle 2018 Survival

 

and there's another billion for Fortnite


Judge the product by its own merits, not by the Company that created it.

 

 

Link to post
3 minutes ago, asus killer said:

Isn't this like a contradiction? How do you do P2P offline o.O

That's another interpretation by OP.

The source says this

Quote

One of the reasons we're doing this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity.

 

In the future, for apps obtained through Play-approved distribution channels, we'll be able to determine app authenticity while a device is offline, add those shared apps to a user's Play Library, and manage app updates when the device comes back online. This will give people more confidence when using Play-approved peer-to-peer sharing apps.

 

This also benefits you as a developer as it provides a Play-authorized offline distribution channel and, since the peer-to-peer shared app is added to your user's Play library, your app will now be eligible for app updates from Play.

I honestly don't know how P2P would benefit anyone's data plan. With large files it would allow you to stop and resume so you can get the files over several sessions but since I assume most plans are monthly: how many would download an app over several months to avoid fees or throttling unless there is a daily limit on the network?

 

The offline aspect sounds like one person could download it and share it with friends locally and they'd get full Play Store support. You could also have a LAN/network that distributes apps that doesn't always have the best internet connectivity and still use P2P technology to distribute apps.

 

I feel like I'm grasping at straws to justify the necessity though.

Link to post
1 minute ago, Trixanity said:

That's another interpretation by OP.

The source says this

I honestly don't know how P2P would benefit anyone's data plan. With large files it would allow you to stop and resume so you can get the files over several sessions but since I assume most plans are monthly: how many would download an app over several months to avoid fees or throttling unless there is a daily limit on the network?

 

The offline aspect sounds like one person could download it and share it with friends locally and they'd get full Play Store support. You could also have a LAN/network that distributes apps that doesn't always have the best internet connectivity and still use P2P technology to distribute apps.

 

I feel like I'm grasping at straws to justify the necessity though.

No, you had it precisely right. That's how a lot of app distribution in developing countries is handled. Handsets have software built in to let you directly share software with your friends, rather than going through official distribution methods, over LAN. There are also sometimes "distribution centers" where you can go and they just have a big collection of apps to download/update over WiFi.

 

I also just want to point out for everyone that if you're worried about intrusive DRM this is not that in any way. This is DRM that works pretty much opposite how most DRM you'd think of works.

 

As far as intrusive DRM for paid apps, Google Play has had that for like forever. It's the "validating license" you see when starting some apps. It just mostly goes unnoticed because it usually "just works", is fairly out of sight, and relatively unintrusive.

Link to post

Stop saying DRM, this is not at all like DRM as I understood it.

DRM is digital rights management or something like that, this is nothing like that as it appears to have nothing to do with copyrights. It's just some code that the Android OS checks for even off-line.

Still, couldn't someone inject the virus and leave the code in there? Does it check for file size? I guess we will probably have more information later by hackers.


.

Link to post
3 minutes ago, asus killer said:

Stop saying DRM, this is not at all like DRM as I understood it.

DRM is digital rights management or something like that, this is nothing like that as it appears to have nothing to do with copyrights. It's just some code that the Android OS checks for even off-line.

Still, couldn't someone inject the virus and leave the code in there? Does it check for file size? I guess we will probably have more information later by hackers.

Yeah, I don't think it actually blocks anything as the OP implies it does. I think at best it'll throw a warning if the metadata doesn't match (I may be wrong) or maybe you can force-install it anyway.

 

I think all Play Store apps have checksum verification when downloading. APKs obviously don't. This initiative adds data to verify Play Store apps that aren't downloaded on the Play Store. This doesn't prevent malware directly but there are a lot of measures on the Play Store to secure and verify apps but there are obviously ways to upload crap to the store anyway. So I don't think this is a security/piracy prevention program in any form. It's just to give developers alternative distribution methods to give them more opportunities to increase the size of their audience.

Link to post

Could it be that this only will affect apps with min API level 24 (Android 7.0) and above?

They want to add the data to the APK signing block which was introduced with Android 7.

Link to post
2 hours ago, Pangea2017 said:

Could it be that this only will affect apps with min API level 24 (Android 7.0) and above?

They want to add the data to the APK signing block which was introduced with Android 7.

It'll work only with devices on Android 7+, but should work regardless of app version. Keep in mind that the APK you upload to Google Play and the APK users receive nowadays are slightly different. They do some further optimizations on their end, add in extra metadata, and with App Bundles or Instant Apps even chop up your app and distribute it in little bits.

 

3 hours ago, asus killer said:

Stop saying DRM, this is not at all like DRM as I understood it.

DRM is digital rights management or something like that, this is nothing like that as it appears to have nothing to do with copyrights. It's just some code that the Android OS checks for even off-line.

Still, couldn't someone inject the virus and leave the code in there? Does it check for file size? I guess we will probably have more information later by hackers.

It's not checking filesize, but rather a checksum of the contents. Even if you made a new file with the same size, but different content, the checksum wouldn't match and it would fail to verify.

Link to post
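
The APK Signing Block mentioned in the two posts above is a container of ID-value pairs placed immediately before the ZIP central directory. As an added example (not code from this thread or from Google), the Python below lists the pairs found in an APK. The sample file it builds and the ID `0x12345678` are constructed placeholders, since the thread does not give the ID of the Play metadata pair.

```python
import io
import struct
import zipfile

MAGIC = b"APK Sig Block 42"          # trailer that ends every APK Signing Block
EOCD_SIG = b"PK\x05\x06"             # ZIP End of Central Directory signature
KNOWN_IDS = {0x7109871A: "APK Signature Scheme v2",
             0xF05368C0: "APK Signature Scheme v3"}
SAMPLE_METADATA_ID = 0x12345678      # constructed placeholder, not a real pair ID

def find_cd_offset(apk: bytes) -> tuple[int, int]:
    """Return (EOCD position, central directory offset) of a ZIP/APK."""
    eocd = apk.rfind(EOCD_SIG, max(0, len(apk) - 65557))
    if eocd < 0 or eocd + 22 > len(apk):
        raise ValueError("no End of Central Directory record")
    return eocd, struct.unpack_from("<I", apk, eocd + 16)[0]

def parse_signing_block(apk: bytes) -> dict[int, bytes]:
    """Return {pair ID: value} from the APK Signing Block, or {} if there is none."""
    _, cd = find_cd_offset(apk)
    if cd < 32 or apk[cd - 16:cd] != MAGIC:
        return {}
    size = struct.unpack_from("<Q", apk, cd - 24)[0]   # size field before the magic
    start = cd - size - 8
    if size < 24 or start < 0 or struct.unpack_from("<Q", apk, start)[0] != size:
        raise ValueError("signing block size fields disagree")
    pairs, pos, end = {}, start + 8, cd - 24
    while pos < end:
        length = struct.unpack_from("<Q", apk, pos)[0]  # covers ID + value
        if length < 4 or pos + 8 + length > end:
            raise ValueError("malformed ID-value pair")
        pair_id = struct.unpack_from("<I", apk, pos + 8)[0]
        pairs[pair_id] = apk[pos + 12:pos + 8 + length]
        pos += 8 + length
    return pairs

def label(pair_id: int) -> str:
    return KNOWN_IDS.get(pair_id, f"unrecognised pair 0x{pair_id:08x}")

def build_sample(pairs: dict[int, bytes]) -> bytes:
    """Constructed input: tiny ZIP with a signing block spliced in before the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"constructed sample, not a real app")
    raw = buf.getvalue()
    eocd, cd = find_cd_offset(raw)
    body = b"".join(struct.pack("<QI", len(v) + 4, i) + v for i, v in pairs.items())
    size = len(body) + 24
    block = struct.pack("<Q", size) + body + struct.pack("<Q", size) + MAGIC
    out = bytearray(raw[:cd] + block + raw[cd:])
    struct.pack_into("<I", out, eocd + len(block) + 16, cd + len(block))  # patch EOCD
    return bytes(out)

if __name__ == "__main__":
    sample = build_sample({0x7109871A: b"constructed v2 signer data",
                           SAMPLE_METADATA_ID: b"constructed metadata"})
    for pid, value in parse_signing_block(sample).items():
        print(f"{label(pid)}: {len(value)} bytes")
```

The parser only locates and lists the pairs; it does not verify any signature or digest inside them.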
3 hours ago, asus killer said:

Stop saying DRM, this is not at all like DRM as I understood it.

It's DRM. Not the typical style of DRM, but DRM nonetheless.

4 hours ago, asus killer said:

how do you do P2P offline

Sneakernet.


Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to post