Jump to content

Apps can now block sideloading more easily and force downloads through Google Play

JulienL

Summary

With the latest update to Google's Integrity API android apps are now able to effectively block users from sideloading their app.

 image.png.6e6d875242c2e1ac20e792a5d820b764.png

 

Quotes

Quote

The Google Play Integrity API is an interface that helps developers “check that interactions and server requests are coming from [their] genuine app binary running on a genuine Android device.” It looks for evidence that the app has been tampered with, that the app is running in an “untrustworthy” software environment, that the device has Google Play Protect enabled, and more.

 

My thoughts

I think this is a worrying step toward blocking sideloading that Android is taking. If every app blocks sideloading it isn't that different from sideloading being blocked on the device. After Apple's recent EU rulings forcing them to allow sideloading this feels like both major providers trying to move to closed ecosystems.

 

Sources

https://www.androidauthority.com/play-integrity-sideloading-detection-3480639/

Link to comment
Share on other sites

Link to post
Share on other sites

I suspect this might be more of a move to protect paid apps and security sensitive apps (e.g. banking). 

Gaming system: R7 7800X3D, Asus ROG Strix B650E-F Gaming Wifi, Thermalright Phantom Spirit 120 SE ARGB, Corsair Vengeance 2x 32GB 6000C30, RTX 4070, MSI MPG A850G, Fractal Design North, Samsung 990 Pro 2TB, Alienware AW3225QF (32" 240 Hz OLED)
Productivity system: i9-7980XE, Asus X299 TUF mark 2, Noctua D15, 64GB ram (mixed), RTX 3070, NZXT E850, GameMax Abyss, Samsung 980 Pro 2TB, iiyama ProLite XU2793QSU-B6 (27" 1440p 100 Hz)
Gaming laptop: Lenovo Legion 5, 5800H, RTX 3070, Kingston DDR4 3200C22 2x16GB 2Rx8, Kingston Fury Renegade 1TB + Crucial P1 1TB SSD, 165 Hz IPS 1080p G-Sync Compatible

Link to comment
Share on other sites

Link to post
Share on other sites

3 minutes ago, JulienL said:

If every app blocks sideloading it isn't that different from sideloading being blocked on the device.

The device allows but the particular app doesn't =/= the device itself doesn't allow at all

There is approximately 99% chance I edited my post

Refresh before you reply

__________________________________________

ENGLISH IS NOT MY NATIVE LANGUAGE, NOT EVEN 2ND LANGUAGE. PLEASE FORGIVE ME FOR ANY CONFUSION AND/OR MISUNDERSTANDING THAT MAY HAPPEN BECAUSE OF IT.

Link to comment
Share on other sites

Link to post
Share on other sites

12 minutes ago, porina said:

I suspect this might be more of a move to protect paid apps and security sensitive apps (e.g. banking). 

 

Yeah, I don't see why a majority of apps would bother taking this step, outside of things like the example you listed. I'm not too worried about this (yet).

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, Holmes108 said:

 

Yeah, I don't see why a majority of apps would bother taking this step, outside of things like the example you listed. I'm not too worried about this (yet).

This would become problematic if Google were to make this mandatory if you want to use their payment system.

Link to comment
Share on other sites

Link to post
Share on other sites

5 hours ago, porina said:

I suspect this might be more of a move to protect paid apps and security sensitive apps (e.g. banking). 

Nothing worse than my banking app refusing to work because I also have certain remote control app on the phone (that I knowingly put there). Between being forced to uninstall that app or go through the entire fuckery of changing your bank for the other bank to pull the same kind of BS at any time is the dumbest nonsense I've encountered in a while on a smartphone.

Link to comment
Share on other sites

Link to post
Share on other sites

6 hours ago, porina said:

I suspect this might be more of a move to protect paid apps and security sensitive apps (e.g. banking). 

Bingo.

 

Do you know how many apps MUST be side-loaded to work on Bluestacks or MEMU? Kiss using those pirated APK's on dubious sites goodbye.

 

I don't expect many apps and games to actually enforce this, because I see the consequences for doing so (Eg people using custom builds of Android, Bluestacks, MEMU, and other emulators all being locked out of the app store.)

 

It's more likely that Banking apps and 2FA/Password managers will all opt-in to this, but if games start doing this, people aren't going to bother with playing the game.

 

Link to comment
Share on other sites

Link to post
Share on other sites

I can see why they would want to do this. Especially apps that rely on subscriptions and the likes, to stop modified apps that removes that stuff and enables subscription perks for free.

 

But man I still hate it.

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro

Link to comment
Share on other sites

Link to post
Share on other sites

2 hours ago, RejZoR said:

Nothing worse than my banking app refusing to work because I also have certain remote control app on the phone (that I knowingly put there). Between being forced to uninstall that app or go through the entire fuckery of changing your bank for the other bank to pull the same kind of BS at any time is the dumbest nonsense I've encountered in a while on a smartphone.

 

So... your bank wants to protect you against fraud... and you're angry about it?

 

Because that's what they're doing - they're trying to prevent remote access attacks. A scammer gets full access to a mobile device via remote access (basic social engineering techniques) and then uses that access to steal OTP/PIN codes to get access to their account. Because they have full access, that can be done days or even weeks later, when you aren't even using the device.

CPU: i7 4790k, RAM: 16GB DDR3, GPU: GTX 1060 6GB

Link to comment
Share on other sites

Link to post
Share on other sites

8 hours ago, JulienL said:

Summary

With the latest update to Google's Integrity API android apps are now able to effectively block users from sideloading their app.

 image.png.6e6d875242c2e1ac20e792a5d820b764.png

 

Quotes

 

My thoughts

I think this is a worrying step toward blocking sideloading that Android is taking. If every app blocks sideloading it isn't that different from sideloading being blocked on the device. After Apple's recent EU rulings forcing them to allow sideloading this feels like both major providers trying to move to closed ecosystems.

 

Sources

https://www.androidauthority.com/play-integrity-sideloading-detection-3480639/

 

ok but here's the thing, why would you sideload an app that's on the store... like, why?

 

reason for sideloading was always apps that are *not* on the store..

 

 

If the app makers want you to download their app *only* through a certain store that's their prerogative.  what in the world makes you feel entitled to obtain products in any way you wish?  that's never been a thing, at least not legally.  

 

 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, ImorallySourcedElectrons said:

This would become problematic if Google were to make this mandatory if you want to use their payment system.

true... but if they do that's one step more towards losing the whole European market, because that would be almost certainly against a plethora of anti competitive rules.

 

Sure that might not stop them, its still a very big step into that direction considering recent rulings and laws. 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, Mark Kaine said:

 

ok but here's the thing, why would you sideload an app that's on the store... like, why?

 

reason for sideloading was always apps that are *not* on the store..

 

 

If the app makers want you to download their app *only* through a certain store that's their prerogative.  what in the world makes you feel entitled to obtain products in any way you wish?  that's never been a thing, at least not legally.  

 

 

 

The thing is not all apps are available in all regions on the store so you have to sideload in some cases if your in a region where the store doesn't get it.

Link to comment
Share on other sites

Link to post
Share on other sites

7 minutes ago, CarlBar said:

 

The thing is not all apps are available in all regions on the store so you have to sideload in some cases if your in a region where the store doesn't get it.

yeah true, but that's usually because they're not "allowed" in a country or whatever,  i doubt the app itself would have a block in this case... but its a tricky scenario i admit.

 

interesting question though, what examples do we even have for this? 

 

I only know billibilli app is not available on playstore here, i had to sideload it from the website directly, thanks google! Yikes.

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, Mark Kaine said:

yeah true, but that's usually because they're not "allowed" in a country or whatever,  i doubt the app itself would have a block in this case... but its a tricky scenario i admit.

 

interesting question though, what examples do we even have for this? 

 

I only know billibilli app is not available on playstore here, i had to sideload it from the website directly, thanks google! Yikes.

 

Back when i was doing unemployment courses i liked to play mobile games, (lots of traveling and also waiting around), and 2 that i really got into, Fate Grand Order and Azure Lane where not available at the time in Europe. Available in the US but not Europe, though Azure Lane did come to Europe later. Had nothing to do with being banned, the people handling the games just didn't care to make them available in Europe at the time.

Link to comment
Share on other sites

Link to post
Share on other sites

4 hours ago, Mark Kaine said:

 

ok but here's the thing, why would you sideload an app that's on the store... like, why?

 

reason for sideloading was always apps that are *not* on the store..

 

 

If the app makers want you to download their app *only* through a certain store that's their prerogative.  what in the world makes you feel entitled to obtain products in any way you wish?  that's never been a thing, at least not legally.  

 

 

What if you want a certain app but not the Google store?

 

Another reason to degoogle and install a custom ROM. But reading other comments it appears tradfi banking shitware only works with googled android and not custom ones cuz muh suckurity, while still using a 4 digit pin for ATM cards.

 

I don't have a smartphone but know a few things.

Caroline doesn't need to hear all this, she's a highly trained professional.

Link to comment
Share on other sites

Link to post
Share on other sites

Oh this is going to mess with a bunch of phones that doesn't have google play pre-installed (see: Huawei).

 

3 hours ago, Mark Kaine said:

yeah true, but that's usually because they're not "allowed" in a country or whatever,  i doubt the app itself would have a block in this case... but its a tricky scenario i admit.

 

interesting question though, what examples do we even have for this? 

 

I only know billibilli app is not available on playstore here, i had to sideload it from the website directly, thanks google! Yikes.

It's more interesting because the play store version which has less functions due to licensing issues instead of downloading straight from bilibili. Not to mention the SEA version which goes to bilibili.tv instead.

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition

Link to comment
Share on other sites

Link to post
Share on other sites

i mean ok that's some valid reasons people would want to sideload. 

 

it also kinda defeats the whole android "freedom" of installing whatever you want obviously...

 

 

 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 

Link to comment
Share on other sites

Link to post
Share on other sites

3 hours ago, Caroline said:

What if you want a certain app but not the Google store?

 

Another reason to degoogle and install a custom ROM. But reading other comments it appears tradfi banking shitware only works with googled android and not custom ones cuz muh suckurity, while still using a 4 digit pin for ATM cards.

 

I don't have a smartphone but know a few things.

Fellow privacy "freak" here,

My phone is de-googled and i sideload everything, as pretty much all app stores spy on you.

A PC Enthusiast since 2011
AMD Ryzen 7 5700X@4.65GHz | GIGABYTE GTX 1660 GAMING OC @ Core 2085MHz Memory 5000MHz
Cinebench R23: 15669cb | Unigine Superposition 1080p Extreme: 3566
Link to comment
Share on other sites

Link to post
Share on other sites

12 hours ago, Mark Kaine said:

 

ok but here's the thing, why would you sideload an app that's on the store... like, why?

 

reason for sideloading was always apps that are *not* on the store..

 

 

If the app makers want you to download their app *only* through a certain store that's their prerogative.  what in the world makes you feel entitled to obtain products in any way you wish?  that's never been a thing, at least not legally.  

 

 

 

While it wasn't a common thing, there were instances where the app claimed to not be compatible with my specific model of phone, and I suspected there was no good reason for that. Sure enough, after sideloading, it worked perfectly fine.  That happened a handful of times for me years ago (I don't really sideload much anymore. I'm a much more simple phone user these days).

 

One other time I wanted to downgrade due to a bug that was introduced. 

 

It certainly was a rarity that I needed to sideload when it was also available in the play store. But it's a nice option to have. I just like feeling that I have control of my device, like a computer.

 

Nothing makes me see red more than trying to access something on my PC, for example, and then being told I don't have access/permissions that aren't easily bypassed with an admin password.

Link to comment
Share on other sites

Link to post
Share on other sites

12 hours ago, CarlBar said:

 

Back when i was doing unemployment courses i liked to play mobile games, (lots of traveling and also waiting around), and 2 that i really got into, Fate Grand Order and Azure Lane where not available at the time in Europe. Available in the US but not Europe, though Azure Lane did come to Europe later. Had nothing to do with being banned, the people handling the games just didn't care to make them available in Europe at the time.

I mean there are a whole bunch different types of laws that you need to follow by publishing in Europe.  When I was making apps [and GDDPR started becoming a thing] I just went and said "You know what, I really can't be bothered figuring out all the legal disclaimers etc involved when it's just easier to not release there and I will only loose out a bit vs the amount of work I would need to put in in order to make sure I don't trip up on a single thing".  e.g. having a game with "violence" you have to classify as such etc [or something like that].  Then if yours is lets say boarderline "violent" like lets say roadrunner/coyote type you still have to classify and get a higher age restriction.

 

I dont know, I sometimes understand why companies don't want to venture out and release  apps everywhere because frankly it's a pain.  99% of apps I've seen don't even comply correct, which could make them in trouble if they were looked in at.

 

 

 

As for this whole topic, I think it's at least good to let the app publisher decide.  If they don't want to say comply with some laws in a country, and decide not having it operate at all there then it should be their right to.

3735928559 - Beware of the dead beef

Link to comment
Share on other sites

Link to post
Share on other sites

14 minutes ago, wanderingfool2 said:

I mean there are a whole bunch different types of laws that you need to follow by publishing in Europe.  When I was making apps [and GDDPR started becoming a thing] I just went and said "You know what, I really can't be bothered figuring out all the legal disclaimers etc involved when it's just easier to not release there and I will only loose out a bit vs the amount of work I would need to put in in order to make sure I don't trip up on a single thing".  e.g. having a game with "violence" you have to classify as such etc [or something like that].  Then if yours is lets say boarderline "violent" like lets say roadrunner/coyote type you still have to classify and get a higher age restriction.

 

I dont know, I sometimes understand why companies don't want to venture out and release  apps everywhere because frankly it's a pain.  99% of apps I've seen don't even comply correct, which could make them in trouble if they were looked in at.

 

 

 

As for this whole topic, I think it's at least good to let the app publisher decide.  If they don't want to say comply with some laws in a country, and decide not having it operate at all there then it should be their right to.

 

his was a fair while back, i'm not sure GDDPR had even been proposed at the time.

Link to comment
Share on other sites

Link to post
Share on other sites

On 9/12/2024 at 12:13 AM, TetraSky said:

I can see why they would want to do this. Especially apps that rely on subscriptions and the likes, to stop modified apps that removes that stuff and enables subscription perks for free.

If someone is able to crack the app to remove these checks they are also likely able to remove the sideload check...

Don't ask to ask, just ask... please 🤨

sudo chmod -R 000 /*

Link to comment
Share on other sites

Link to post
Share on other sites

6 hours ago, Sauron said:

If someone is able to crack the app to remove these checks they are also likely able to remove the sideload check...

Not that easy, unless you're rooted sometimes you need to go through a lot of anti-verification workarounds.

Specs: Motherboard: Asus X470-PLUS TUF gaming (Yes I know it's poor but I wasn't informed) RAM: Corsair VENGEANCE® LPX DDR4 3200Mhz CL16-18-18-36 2x8GB

            CPU: Ryzen 9 5900X          Case: Antec P8     PSU: Corsair RM850x                        Cooler: Antec K240 with two Noctura Industrial PPC 3000 PWM

            Drives: Samsung 970 EVO plus 250GB, Micron 1100 2TB, Seagate ST4000DM000/1F2168 GPU: EVGA RTX 2080 ti Black edition

Link to comment
Share on other sites

Link to post
Share on other sites

Just want to add that according to the Google specification, Google is strongly advicing phone manufacturers to not let users disable this globally. However, the same spec also dictates that phone manufacturers must let users disable this feature on an app by app basis. 

 

In other words, you will have the option to disable this block for an app if you really want to. 

Link to comment
Share on other sites

Link to post
Share on other sites

On 9/12/2024 at 1:42 AM, Mark Kaine said:

true... but if they do that's one step more towards losing the whole European market, because that would be almost certainly against a plethora of anti competitive rules.

 

Sure that might not stop them, its still a very big step into that direction considering recent rulings and laws. 

Enforcement typically takes years, the damage is long done by then and plenty of profits were made.

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×