Android 14 to add more APK sideloading restrictions


You might not be able to install apps targeting outdated Android versions anymore


It feels like Android 13 hasn’t been out all that long, but Google is already preparing to launch Android 14 to power the next generation of excellent smartphones. We can expect a developer preview in a month or two, so the company already needs to prepare some code ahead of the public release. One of these code changes has just been spotted, and it looks like Android 14 will prevent you from installing and sideloading apps that target outdated versions of Android on your devices.

ANDROIDPOLICE VIDEO OF THE DAY

9to5Google spotted a now-private code tweak that points to stricter API requirements for app installation. According to the publication, it reads, “If the minimum installable SDK version enforcement is enabled, block the install of apps using a lower target SDK version than required. This helps improve security and privacy as malware can target older SDK versions to avoid enforcement of new API behavior.” This would prevent you from installing apps targeting outdated Android versions altogether, even when you try to sideload it. Reportedly, Android 14 will initially only block the oldest API levels, but the long-term plan is to raise the threshold to Android 6.

Before you get out your pitchforks, there will apparently be a workaround if you really need an app that’s no longer updated. According to 9to5Google, there will be a new flag that overrides the requirement, though it needs to be enabled via the ADB command shell.

It’s likely that the main purpose of the change is to make it harder for malware to spread to unsuspecting users. Malware distributors have become more sophisticated in tricking users into sideloading their apps by providing legitimate-sounding instructions. When an app is blocked from being installed altogether without resorting to ADB, this route will be much harder to exploit.

The change shouldn’t come as a complete surprise. Google already requires developers to update their apps to target newer versions of Android when they want to keep publishing updates on the Play Store. This requirement currently doesn’t apply for sideloaded apps, though, so bad actors and malware have been able to evade this security measure by simply not using the Play Store—which, of course, is already the case for most malware.



Source link