Hi All, Out of curiosity, why did the change occur? Has Google published any numbers correlating Play Downloads with Malicious Updates? Or: how frequently did this happen in the wild?
Is there a paper out there that I missed discussing the trend? Jeff http://www.pcadvisor.co.uk/news/mobile-phone/3445092/google-play-changes-bring-cautious-optimism-on-android-security/ Google's decision to have Android apps on Google Play updated only through the online store will likely improve security on the mobile platform, but by how much remains to be seen, experts say. Google recently changed its Play Developer Program Policies to say, "an app downloaded from Google Play may not modify, replace or update its own APK binary code using any method other than Google Play's update mechanism." The APK, or Android application package file, is the format used to distribute and install apps onto the operating system. The move makes it much more difficult to turn a benign app into a malicious one once it leaves Google Play. When apps could be updated through a third-party server, unscrupulous developers could install malware or have the upgrade gather more personal data than the previous version. ... -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
