One of the things that characterizes and characterizes Android has been the possibility of installing applications from third-party sources. For an application like WhatsApp to work normally, you simply install the APK file. But like everything in this life, there are sources and resources. resources. Some are legitimate, some not so much. An APK from an unknown source can work against both the user and the developer, so Google Play has introduced a feature to put a stop to this.

Problem. There are a number of reasons why a user might choose to install an app via APK instead of the Google Play Store. There are just as many reasons why a developer might not. For example, let’s say an install via APK doesn’t count towards Google Play’s metrics. Perhaps the user is installing an older version that isn’t optimized for their device, or they’re installing a version that’s been modified to provide functionality that would otherwise be paid for. This can be detrimental to both parties involved (user and developer).

Android knows everything. While the result of installing from an APK or the Google Play Store is more or less the same, Android knows its stuff. As Xataka Android points out, the operating system “records the origins of each app to prevent overwriting with a different version.” This is important because it’s possible that the version offered via APK is different from the version on the Google Play Store. This is the case with WhatsApp, for example.

Recently, Google Play has been using this information to offer us the possibility of updating applications installed via APK from the Google Play Store. When we install an application from an APK, the Google Play Store detects it and allows us to update it from the store, thus becoming the “official distribution channel” for updates to that application. In short:

1. WhatsApp downloads from webinventadaAPKs.com
2. Google Play Store detects installation
3. Lets you update WhatsApp to the latest version available on Google Play Store
4. WhatsApp will now be updated from Google Play Store like any other app, even if you downloaded it from another site

Image | Google

Hey, where does this app come from? Now that we know that, we can understand how the newest feature on the Google Play Store works: the Play Integrity API. In short, this API allows developers to use this information we explained earlier to detect installs from third-party sources and somehow force the user to download the app from the Google Play Store. If you don’t, it won’t be available until you do.

As stated in the official Google documentation, “when potentially dangerous and fraudulent interactions such as modified versions of the app and untrusted environments are detected, your app’s backend server can take appropriate measures to prevent attacks and mitigate abuse. One of these measures is to require the app to be installed from Google Play.”

This is not the end of APKs. On the one hand, it is the developer who must implement this API in his own application if he wishes. On the other hand, this measure is not contrary to the application. open source It is possible that a developer has published it on a forum or in a well-known APK repository, but this is a measure taken to combat fake apps. And this is nothing terribly new, as it is actually an evolution of a function already offered in SafetyNet.

However, it can (and probably will) be a major turn-off for most “hardcore” users who like to install apps from beta versions, apps from other sources etc. because they are more up-to-date. Not to mention that not everything in this world is Android with Google. There are other versions like e/OS or GrapheneOS that do not have the Google Play Store and this is undoubtedly a heavy blow to their users.

Cover image | Daniel Romero

On Xataka | I tried GrapheneOS: super secure Android without Google’s control