Google is pushing out a new version of the Play Store for Android users around the world. As with most updates, there aren't any notable changes showing up yet in this version, but there are a few interesting things hidden beneath the hood. There are some new features focused on improving security for apps that are updated from unexpected sources and on making the Play Store's security scanner more visible to users. There's also a plan to move notification settings to their own dedicated screen.

Teardown

Disclaimer: Teardowns are based on evidence found inside of apks (Android's application package) and are necessarily speculative and usually based on incomplete information. It's possible that the guesses made here are totally and completely wrong. Even when predictions are correct, there is always a chance that plans could change or may be canceled entirely. Much like rumors, nothing is certain until it's officially announced and released.

The features discussed below are probably not live yet, or may only be live for a small percentage of users. Unless stated otherwise, don't expect to see these features if you install the apk.

Warnings about installing unknown and unsafe software

If you've been watching out for news about Android O, one of our spotlights covered a tweak to the classic Unknown Sources safety measure intended to prevent installation of potentially dangerous apps. It looks like there's also some momentum from the Play Store to slow down some of the risky behavior.

Some new text describes a "speedbump" intended to remind users that the source of an update they're about to install is not known or necessarily trustworthy. This draws a distinction between the original installer of an app, let's say the Play Store or Amazon Appstore, and the source of the update, which might be a different app store, sideloading with ADB, or installing an APK with any other app.

<string name="speedbump_settings_label">Protect my updates</string>
<string name="speedbump_settings_description">Notify when apps are updated by unknown sources</string>

<string name="package_speedbump_banner">Update is from an unverified source.</string>
<string name="package_speedbump_dialog_description">You installed this app from %1$s. %2$s is trying to update it. If you install this update, the app or your device might not work properly.</string>
<string name="package_speedbump_dialog_detailed_description">Updates that come from unverified sources could cause your device or apps to behave unpredictably. To keep your device stable, install updates from the same app store where you got the app from.</string>
<string name="package_speedbump_dont_update_text">DON'T UPDATE</string>
<string name="package_speedbump_headsup_action_view_app">VIEW APP</string>
<string name="package_speedbump_headsup_description">You'll still get verified updates from %1$s</string>
<string name="package_speedbump_headsup_title">Unsafe update blocked</string>
<string name="package_speedbump_install_anyway">Install anyway</string>

The warning messages feel a little misrepresentative by associating the issue with stability and improper functionality. They should focus on the nuance that switching sources may affect the consistency and timeliness of updates since they may differ from one source to the next. All the same, the wording is sufficiently ominous as to prevent most regular people from pulling the trigger.
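The installer-versus-updater distinction above can be audited from the device side. The following is an added example, not code from the article or from the Play Store: it parses the output of `adb shell pm list packages -3 -i` and groups third-party apps by their installer of record. The trusted-installer set is an assumed policy, and the sample output and `com.example.*` package names are constructed.

```python
import re

# Installers treated as trusted stores here (an assumed policy, adjust as needed).
TRUSTED_INSTALLERS = {"com.android.vending", "com.amazon.venezia"}

# Constructed sample of `adb shell pm list packages -3 -i` output (not from a real device).
SAMPLE_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.reader  installer=com.amazon.venezia
package:com.example.game  installer=null
package:com.example.tool  installer=com.example.thirdpartystore
package:com.example.legacy
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<installer>\S+))?$")


def parse_installers(text):
    """Map package name -> installer of record (None when none is reported)."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a package entry
        installer = m.group("installer")
        result[m.group("pkg")] = None if installer in (None, "null") else installer
    return result


def classify(installers, trusted=TRUSTED_INSTALLERS):
    """Group packages by whether their installer of record is a trusted store."""
    report = {"trusted": [], "other_installer": [], "no_installer": []}
    for pkg, installer in sorted(installers.items()):
        if installer is None:
            report["no_installer"].append(pkg)
        elif installer in trusted:
            report["trusted"].append(pkg)
        else:
            report["other_installer"].append((pkg, installer))
    return report


if __name__ == "__main__":
    for group, entries in classify(parse_installers(SAMPLE_OUTPUT)).items():
        print(group, entries)
```

Apps in the `other_installer` and `no_installer` groups are the ones whose updates will not come from a store in the trusted set.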

Increased visibility of the app scanner

Back in the Android 4.2 days, Google began rolling out what could be loosely described as a virus scanner as a part of the Play Store, eventually making it "constantly active." We rarely heard much about it afterward because most of the serious malware was never even allowed to enter the Play Store thanks to Google's Bouncer scanner. Nevertheless, Google continues to improve the scanner, particularly since it's still an important tool to combat malware installed from sources other than trusted app stores.

A recent Play Services update already took one step to make the scanner capabilities a bit more visible with a "Verify Apps" screen with a list of recent scans. It appears the Play Store is going to take another step by giving users a viewport of its current status and more information about the results.

In short, we'll be able to see if the scanner is running or if it will wait until the next time it's online, and we'll see if there are any issues discovered. It doesn't sound like much, but this really isn't much less detailed than most modern virus scanners.

<string name="verify_app_install_offline">Security scan will run when next online</string>
<string name="verify_app_install_scanning">Verify apps is scanning...</string>
<string name="verify_app_no_issues_found_banner">No issues were found</string>

<string name="myapps_security_scanning">Verify Apps is scanning…</string>
<string name="myapps_security_scanning_timed_out">App verification timed out</string>
<string name="myapps_security_info_message">Your apps are safe. Last daily scan %1$s. &lt;a href=\"\"&gt;Learn more&lt;/a&gt;</string>
<string name="myapps_security_one_pha_title">Harmful app found</string>
<string name="myapps_security_one_pha_message">One harmful app found:</string>
<string name="myapps_security_one_pha_dismissed_message">Last daily scan %1$s. 1 harmful app found. &lt;a href=\"\"&gt;Learn more&lt;/a&gt;</string>
<string name="myapps_security_several_phas_message">%1$d harmful apps found. Last daily scan %2$s. &lt;a href=\"\"&gt;Learn more&lt;/a&gt;</string>
<string name="myapps_security_one_pha_removed_message">Last daily scan %1$s. %2$s was removed. &lt;a href=\"\"&gt;Learn more&lt;/a&gt;</string>

New layouts:
/layout/my_apps_security_action_in_progres.xml
/layout/my_apps_security_info.xml
/layout/my_apps_security_one_pha_dismissed.xml
/layout/my_apps_security_one_pha_removed.xml
/layout/my_apps_security_one_pha.xml
/layout/my_apps_security_scanning_in_progress.xml
/layout/my_apps_security_several_phas.xml

<activity android:name="com.google.android.vending.verifier.VerifyInstallSnackbarActivity" android:excludeFromRecents="true" android:launchMode="singleInstance" android:noHistory="true" android:taskAffinity="" android:theme="@style/TransparentSnackBarTheme" />

Frankly, I'm a little skeptical that this is really going to have any impact on security since users still have no way to interact with it or make any changes. If anything, I suspect the real intent is to raise the visibility of the scanner in Android, probably for the purpose of giving peace of mind to people that only read sensationalist FUD in the news and don't know about or understand the details.

While exposing the scanner in this way might not be terribly relevant, the red flags it can raise about an app are. More specifically, the messages it may show are actually somewhat specific, definitely threatening, and sometimes even quite funny.

<string name="verify_apps_block_backdoor">This app lets hackers control your device, giving them unauthorized access to your data.</string>
<string name="verify_apps_block_commercial_spyware">This app can be used to spy on you.</string>
<string name="verify_apps_block_ddos">This app can be used to perform denial of service attacks against other systems and resources.</string>
<string name="verify_apps_block_generic_malware">This app can damage your device, add hidden charges to your mobile bill, or steal your personal information.</string>
<string name="verify_apps_block_harmful_distribution">This app is being installed by another app that's known to be harmful.</string>
<string name="verify_apps_block_hostile_downloader">This app can download potentially harmful apps.</string>
<string name="verify_apps_block_phishing">This app is fake. It can steal your personal data, such as passwords.</string>
<string name="verify_apps_block_privilege_escalation">This app can permanently damage your device or cost you money.</string>
<string name="verify_apps_block_ransomware">This app can restrict access to your device until a sum of money is paid.</string>
<string name="verify_apps_block_rooting_malware">This app contains code that attempts to bypass Android's security protections.</string>
<string name="verify_apps_block_sms_fraud">This app can add charges to your mobile bill by sending costly SMS messages without informing you first.</string>
<string name="verify_apps_block_spam">This app can be used to flood targeted tablets, PCs, and mobile phones with messages.</string>
<string name="verify_apps_block_spyware">This app can spy on you by sending your personal data to unauthorized parties.</string>
<string name="verify_apps_block_trojan">This app is fake. It can damage your device and steal your data.</string>
<string name="verify_apps_warn_backdoor">This app lets hackers control your device, giving them unauthorized access to your data.</string>
<string name="verify_apps_warn_call_fraud">This app can add charges to your mobile bill by making costly calls without informing you first.</string>
<string name="verify_apps_warn_commercial_spyware">This app can be used to spy on you.</string>
<string name="verify_apps_warn_data_collection">This app can collect data that may be used to track you.</string>
<string name="verify_apps_warn_ddos">This app can be used to perform denial of service attacks against other systems and resources.</string>
<string name="verify_apps_warn_generic_malware">This app can damage your device, add hidden charges to your mobile bill, or steal your personal information.</string>
<string name="verify_apps_warn_harmful_distribution">This app is being installed by another app that's known to be harmful.</string>
<string name="verify_apps_warn_harmful_site">This app comes from a website that distributes potentially harmful apps.</string>
<string name="verify_apps_warn_hostile_downloader">This app can download potentially harmful apps.</string>
<string name="verify_apps_warn_non_android_threat">This app can harm non-Android devices.</string>
<string name="verify_apps_warn_phishing">This app is fake. It can steal your personal data, such as passwords.</string>
<string name="verify_apps_warn_privilege_escalation">This app can permanently damage your device or cost you money.</string>
<string name="verify_apps_warn_ransomware">This app can restrict access to your device until a sum of money is paid.</string>
<string name="verify_apps_warn_rooting">This app contains code that attempts to bypass Android's security protections.</string>
<string name="verify_apps_warn_sms_fraud">This app can add charges to your mobile bill by sending costly SMS messages without informing you first.</string>
<string name="verify_apps_warn_spam">This app can be used to flood targeted tablets, PCs, and mobile phones with messages.</string>
<string name="verify_apps_warn_spyware">This app can spy on you by sending your personal data to unauthorized parties.</string>
<string name="verify_apps_warn_toll_fraud">This app can add charges to your mobile bill without asking you first.</string>
<string name="verify_apps_warn_trojan">This app is fake. It can damage your device and steal your data.</string>
<string name="verify_apps_warn_uncommon">This app can harm your device, add unwanted charges to your mobile bill, or expose your personal information.</string>
<string name="verify_apps_warn_windows_malware">This app can harm a device running Windows.</string>

The messages call out apps that may be spyware, root tools, zombie apps (i.e. apps that run on your device and launch DDoS attacks against other sites), ransomware, and a couple dozen other types of possible violators. It will even point out if an app might attack non-Android devices, and especially any device running Windows. (Hey, Microsoft... You're welcome?)

Dedicated settings screen for notifications

The Play Store isn't particularly flush with different types of notifications. Off the top of my head, I can only think of three most of us are likely to see: pending updates, updated apps (auto and manual), and if you're pre-registering for unreleased apps and games, you'll also get notifications when those become available. It's a short list, but it seems like Google is going to add a dedicated screen for the toggles to turn them on and off.

<activity android:name="com.google.android.finsky.notificationsettings.NotificationsSettingsActivity" android:configChanges="keyboardHidden|orientation" android:label="@string/settings_notifications_section_header" android:parentActivityName="com.google.android.finsky.activities.SettingsActivity" android:theme="@style/SettingsTheme">
<meta-data android:name="android.support.PARENT_ACTIVITY" android:value="com.google.android.finsky.activities.SettingsActivity" />
</activity>

There's not much else in the way of details to give about this one yet, but it seems like this screen would only exist if the developers had plans to add some additional notifications in the future.

Download

The APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file was signed by Google and was not tampered with in any way, so it is safe to install. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.

Version: 7.7.0.8