Google is pushing out a new version of the Play Store for Android users around the world. Like most updates to this version, there really aren't any notable changes showing up already, but there are a few interesting things hidden beneath the hood. There are some new features focused on improving security for apps that are updated from unexpected sources and making its security scanner more visible to users. There's also a plan to move notification settings to their own dedicated screen.

Teardown

Disclaimer: Teardowns are based on evidence found inside of apks (Android's application package) and are necessarily speculative and usually based on incomplete information. It's possible that the guesses made here are totally and completely wrong. Even when predictions are correct, there is always a chance that plans could change or may be canceled entirely. Much like rumors, nothing is certain until it's officially announced and released.

The features discussed below are probably not live yet, or may only be live for a small percentage of users. Unless stated otherwise, don't expect to see these features if you install the apk.

Warnings about installing unknown and unsafe software

If you've been watching out for news about Android O, one of our spotlights covered a tweak to the classic Unknown Sources safety measure intended to prevent installation of potentially dangerous apps. It looks like there's also some momentum from the Play Store to also slow down some of the risky behavior.

Some new text describes a "speedbump" intended to remind users that the source of an update they're about to install is not known or necessarily trustworthy. This actually makes the distinction between the original installer of an app, let's say the Play Store or Amazon Appstore, and the source of the update, which might be a different app store, sideloading with ADB, or installing an APK with any other app.

code

The warning messages feel a little misrepresentative by associating the issue with stability and improper functionality. It should focus on the nuance that switching sources may affect the consistency and timeliness of updates since they may differ from one source to the next. All the same, the wording is sufficiently ominous as to prevent most regular people from pulling the trigger.

Increased visibility of the app scanner

Back in the Android 4.2 days, Google began rolling out what could be loosely described as a virus scanner as a part of the Play Store, eventually making it "constantly active." We rarely heard much about it afterward because most of the serious malware was never even allowed to enter the Play Store thanks to Google's Bouncer scanner. Nevertheless, Google continues to improve the scanner, particularly since it's still an important tool to combat malware installed from sources other than trusted app stores.

A recent Play Services update already took one step to make the scanner capabilities a bit more visible with a "Verify Apps" screen with a list of recent scans. It appears the Play Store is going to take another step by giving users a viewport of its current status and more information about the results.

In short, we'll be able to see if the scanner is running or if it will wait until the next time it's online, and we'll see if there are any issues discovered. It doesn't sound like much, but this really isn't much less detailed than most modern virus scanners.

code

Frankly, I'm a little skeptical that this is really going to have any impact on security since users still have no way to interact with it or make any changes. If anything, I suspect the real intent is to raise the visibility of the scanner in Android, probably for the purpose of giving peace of mind to people that only read sensationalist FUD in the news and don't know about or understand the details.

While exposing the scanner in this way might not be terribly relevant, the red flags it can raise about an app are. More specifically, the messages it may show are actually somewhat specific, definitely threatening, and sometimes even quite funny.

code

The messages call out apps that may be spyware, root tools, zombie apps (i.e. run on your device and run DDOS attacks against other sites), ransomware, and a couple dozen other types of possible violators. It will even point out if an app might attack non-Android devices, and especially any device running Windows. (Hey, Microsoft... You're welcome?)

Dedicated settings screen for notifications

The Play Store isn't particularly flush with different types of notifications. Off the top of my head, I can only think of three most of us are likely to see: pending updates, updated apps (auto and manual), and if you're pre-registering for unreleased apps and games, you'll also get notifications when those become available. It's a short list, but it seems like Google is going to add a dedicated screen for the toggles to turn them on and off.

code

There's not much else in the way of details to give about this one yet, but it seems like this screen would only exist if the developers had plans to add some additional notifications in the future.

Download

The APK is signed by Google and upgrades your existing app. The cryptographic signature guarantees that the file is safe to install and was not tampered with in any way. Rather than wait for Google to push this download to your devices, which can take days, download and install it just like any other APK.

Version: 7.7.0.8