[Android M Feature Spotlight] You Can Enable And Disable Battery Saver By Voice
[Android M Feature Spotlight] Formal MIDI Support And Several Other Improvements For Audio Input And Output Are On The Way
[Android M Feature Spotlight] Stricter APK Validation Now Actually Checks If All Of An APK's Files Are Present
[Android M Feature Spotlight] Android Now Supports Native 4K Video Output With New API
[Update: Another New Feature!] The Stock Calculator App Has Been Overhauled, No Longer Uses Floating Point Arithmetic
- View All 77 Articles In This Series
While you might file this one under "really? We weren't doing this already?" if you're a security expert, Google has added stricter validation of APKs in Android "M" that should prevent what I guess you could call tinkering by omission.
Previously, APK validation checks looked at the SHA-1 signature for every file in said APK against those stored in the app's manifest.mf file, which is automatically generated during the signing process. If any of the files were modified, the APK would fail validation, and then fail to install or launch. This is an obvious security measure, designed to prevent people from loading up malicious software or otherwise doing nefarious things with legitimate APKs.
What the system didn't look for was missing files. While previously Android validated every file in the APK to ensure it was in the manifest and had a matching signature, it did not look for files declared in the manifest but that were not in the APK. This could allow someone to distribute an APK that was missing files it originally had, files that could be related to security, DRM, or other potentially sensitive features without having to resign it. While it's not clear if Google discovered an obvious way to exploit this, the fact that it didn't do a double-ended check on the manifest does seem a bit silly in hindsight.
With Android M, the system now does such a check, and if files listed in the manifest aren't present in the actual APK, the validation will fail. The APK must be resigned with an updated manifest if it is to pass validation, which will then obviously change the signature, signaling that the APK has been tampered with.
- Android Developers