Android 15 could feature extra security to protect users from shady sideloaded apps
We've been hearing a lot about Android 15 recently, and Google has confirmed that there’s an emphasis on privacy and security in this version of the mobile operating system. Part of that may include extra security features when side loading and installing apps from places other than the Google Play Store.
According to Mishaal Rahman at Android Authority, Android now contains code hinting at something called “Enhanced Confirmation Mode”. While the feature itself isn’t included in the Android 15 beta just yet, it seems it's designed to improve security surrounding app installation settings and expand upon Android 13’s Restricted Settings feature.
Restricted Settings was designed to limit the capabilities of apps users installed from anywhere other than Google Play. Specifically this stops users from being able to enable Accessibility or Notification Listener services for sideloaded apps — which helps improve data security when the source is unknown.
Enhanced Confirmation Mode will work in tandem with Restricted Settings to deny sideloaded apps access to sensitive data — in case that they come from a malicious source. Specifically it’s designed to prevent misuse of a session-based installation API, which exploits the system Android uses to determine whether an app came from Google Play or not.
Specifically it’s designed to prevent misuse of a session-based installation API, which exploits the system Android uses to determine whether an app came from Google Play or not.
It does this by checking an allowlist in the system settings, checking for an XML file that’s loaded into the factory image. Without this the app won’t be able to bypass these security restrictions and access services like Accessibility or Notification Listener. Any attempts to try will see a specific ECM dialog explaining that these permissions are not available.
However it’s unclear whether there will be an option to exempt certain apps with ECM, as is the case with Restricted Settings. It’s also unclear if well known third party app stores, like Amazon’s, will be exempt from these restrictions.
The ability to sideload on Android is a fantastic one, though it does come with plenty of risks. So it’s great to see that Google is doing what it can to keep your sensitive data safe, without restricting how and when you can install apps from unofficial sources.
The Android 15 beta is currently available to install to people with eligible devices, and we’ll be hearing more about the software at Google I/O 2024 next month. Android 15 itself isn’t expected to start rolling out until much later in the year— though it’s unclear exactly when.