Sideloading won’t work anymore for an increasing number of Android apps


You're out of luck if you want to use popular apps on a custom Android device without the Google Play Store. When a developer chooses to enable the check, the sideloaded app won’t work.

Manually installing APKs may become a thing of the past. Google’s “select Play partners” are now choosing the automatic integrity protection feature, which checks whether or not the app was installed from the Play Store.

The new feature in Play Integrity API protects apps “against tampering and redistribution.”

“Thousands of developers are using Play Integrity API to perform integrity checks,” Dom Elliot, Group Product Manager at Google Play, said in a session covering Android security updates.

The specific “Google Play install” check determines whether the current user account has the app licensed, for example, whether the user has installed or paid for the app or game on Google Play.

It’s an addition to similar security features, such as the check that the phone itself is not rooted.

“The Play Integrity API helps you check that interactions and server requests are coming from your genuine app binary running on a genuine Android device. By detecting potentially risky and fraudulent interactions, such as from tampered app versions and untrustworthy environments, your app’s backend server can respond with appropriate actions to prevent attacks and reduce abuse,” Google explains in the documentation.

Among the listed partners of the Play API are Uber, TikTok, Stripe, game developer Kabam, and others.

Sideloading is the installation of an app on a mobile device without using the device's official distribution method.

When Android apps use Play Integrity API, many problems arise for users on alternative Android operating systems, such as GrapheneOS, or rooted phones. The integrity checks fail and prevent apps from running.

A prompt will offer to get the app from Play

When a user tries to sideload an app, they receive a prompt saying, “Get this app from Play,” as first reported by Android Authority.

It’s up to developers using Google Play Integrity API to choose whether to check the licensing status for the user account. If the user has the Play license for an app, the integrity check will return a “licensed” value, meaning that the user got the app on Google Play.

If the user doesn’t have a license, a developer can choose to show the dialog prompt to get the app from the Play Store.

“If the user accepts, the user account becomes licensed (appLicensingVerdict == "LICENSED"). The app is added to the user's Google Play library and Google Play can deliver app updates on your behalf,” Google explains.

Then Google Play checks if the app version is known.
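
How an app's backend might act on these checks, as an added example that is not Google's or any developer's own code: it assumes the server has already decrypted and verified the integrity token, and maps the licensing, device and app-version verdicts to an action. Only appLicensingVerdict is quoted in the article; the other field names follow Google's documented verdict payload, and the package name, freshness window and sample payloads are constructed.

```python
# Added example: server-side policy over an already-decoded integrity verdict.
# Only appLicensingVerdict is quoted in the article; other field names follow
# Google's documented verdict payload. Package name and samples are constructed.
import time

EXPECTED_PACKAGE = "com.example.app"  # hypothetical package name
MAX_AGE_MS = 5 * 60 * 1000            # assumed freshness window

def decide(verdict, now_ms=None):
    """Return (action, reason); action is 'allow', 'prompt_play' or 'deny'."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    req = verdict.get("requestDetails", {})
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        return "deny", "package mismatch"
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        return "deny", "missing timestamp"
    if not 0 <= age <= MAX_AGE_MS:
        return "deny", "stale verdict"
    device = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    if "MEETS_DEVICE_INTEGRITY" not in device:
        return "deny", "device integrity not met"
    licensing = verdict.get("accountDetails", {}).get("appLicensingVerdict")
    if licensing == "UNLICENSED":
        return "prompt_play", "account not licensed"  # client shows the Play dialog
    if licensing != "LICENSED":
        return "deny", "licensing not evaluated"
    app = verdict.get("appIntegrity", {}).get("appRecognitionVerdict")
    if app != "PLAY_RECOGNIZED":
        return "deny", "app version not recognized"
    return "allow", "ok"

NOW_MS = 1_700_000_060_000  # constructed clock value for the samples

def sample(licensing="LICENSED", app="PLAY_RECOGNIZED",
           device=("MEETS_DEVICE_INTEGRITY",), ts=NOW_MS - 60_000):
    """Build a constructed verdict payload for demonstration."""
    return {
        "requestDetails": {"requestPackageName": EXPECTED_PACKAGE, "timestampMillis": str(ts)},
        "appIntegrity": {"appRecognitionVerdict": app},
        "deviceIntegrity": {"deviceRecognitionVerdict": list(device)},
        "accountDetails": {"appLicensingVerdict": licensing},
    }

if __name__ == "__main__":
    for lic in ("LICENSED", "UNLICENSED", "UNEVALUATED"):
        print(lic, decide(sample(licensing=lic), NOW_MS))
```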

According to Android Authority, the Tesco and BeyBlade X apps are already using this feature, and the popular game Diablo Immortal has also implemented “something similar to this feature.”

In 2023, Google Play Store prevented 2.3 million policy-violating apps from publishing and banned 330,000 bad developer accounts.
