Back in June this year, a new feature was introduced to Google Play Store to apps’ APK Signing Block that added “security metadata” to make sure the authenticity during offline installation of an app.
Peer-to-peer (P2P) sharing is often done in nations where connectivity is limited and mobile data is pricey.
This additional payload will give users more confidence when using Play-approved P2P sharing apps.
“This is an important step that improves the integrity of Google Play’s mobile app ecosystem. ”
Now today, the company has rolled out a beta of Google Play approved offline peer-to-peer (P2P) installs program with third-party application developers.
With this feature, when a user distributes an app via P2P, Google Play will ascertain the shared app authenticity even when a device has no internet connectivity.
Once a data connection is restored, those shared apps will then automatically get added to a users’ Play Library. These apps then become eligible for regular app updates.
P2P sharing is applicable through Play-approved peer-to-peer app beta partners, like Lenovo’s SHAREIt, which is live today.
Additionally, Google’s Files Go and Xender are planned for integration in the coming weeks.
Developers who make their apps P2P compatible will get benefit such as authorized offline distribution channel by Play.
Please visit the Play Store to make sure you have the latest versions of these apps.
Google says no action from the developers or users. is required.
Starting today, Google is also introducing Android Protected Confirmation, a new security feature to Android Pie.
The feature says Google is designed to carry out critical transactions such as banking and controlling medical devices.
Google touts the feature to be the “first major mobile OS API that leverages a hardware protected user interface (Trusted UI).” It shields from fraudulent apps or a compromised operating system.
The confirmation is then sent to the bank in this case by “cryptographically authenticated and unforgeable.”
Google explains, “Once the user approves a transaction, Protected Confirmation digitally signs the confirmation message.”
Adding, “Because the signing key never leaves the Trusted UI’s hardware sandbox, neither app malware nor a compromised operating system can fool the user into authorizing anything.”
This provides an assurance to the bank that an end-user originated the command while safeguarding the transaction.
Users’ need to double-press the power button with the prompt appearing next to the physical button, with cancel done by clicking the volume up key.
A look at the Android Protection Confirmation:
In addition, Protected Confirmation can be used to strengthen “One Time Passwords” or “Transaction Authentication Numbers.”
Android Protected Confirmation can be adopted by any third-party app, with banking and medical partners showing off various examples at I/O 2018 in the video embedded below:
Developers can refer Android Protected Confirmation training article to start integrating Protected Confirmation into their app.
The Pixel 3 and Pixel 3 XL is the first to support this new functionality.
Google notes the feature may not be supported by all devices running Android Pie, because of “low-level hardware dependencies.”
Adding, Google said, they are closely working with other devices to bring the support to more devices.