Google to Add Security Metadata to Google Play Apps
Google is making updates to app security to help verify product authenticity from Google Play, and is adding security metadata on top of APKs to verify that the APK was distributed by Google Play.
Google says that one of the reasons behind this is to help developers reach a wider audience, particularly in countries where peer-to-peer app sharing is common because of costly data plans and limited connectivity.
In the future, for apps obtained through Play-approved distribution channels, Google will be able to determine app authenticity while a device is offline, add those shared apps to a user's Play Library, and manage app updates when the device comes back online.
Developer will also offered with a Play-authorized offline distribution channel and, since the peer-to-peer shared app is added to their user's Play library, their app will now be eligible for app updates from Play.
Google is adjusting Google Play's maximum APK size to take into account the small metadata addition, which is inserted into the APK Signing Block.
Google's announcement of metadata support to Android APK files has fueled fears that it is an attempt to add DRM to Android apps en masse.
Google's will soon allow developers to add metadata to their apps that will allow the Android system to verify whether an installed app is the legitimately sourced version.