Xiaomi, one of the biggest phone manufacturers in China, has submitted a patch to the Android Open Source Project that should prevent users from extracting installed apps as APK files. However, Google does not agree with such changes.
The ability to install programs via APK files on Android is a fantastic feature for both developers and users, since it allows them to get new app updates quickly and easily. It also allows them to extract an app’s APK file and install it on another smartphone.
Xiaomi, a Chinese company, has recently come out against this ability. Xiaomi employee Guowei Du proposed changing the Android source code, stating that “the .apk files may contain confidential data, thus we should not allow anyone to restore them.” Fortunately, Google does not share this viewpoint.
The ability to extract and share APK files (which are needed to install apps) has been a big benefit for the Android ecosystem throughout the years.
A Xiaomi engineer submitted a patch to AOSP that would add an SELinux policy blocking the shell user from grabbing APK data files because they "may include some private resources." 😬 https://t.co/jnDRHIjEx7
— Mishaal Rahman (@MishaalRahman) May 20, 2022
If a recent update to an app creates serious problems, for example, you can utilize a crowdsourcing website like APKMirror to download an earlier version until the problem is fixed. You can also have a buddy locally send you the APK file of a game or app update to install if you just have a restricted quantity of data. These same files will be used by our APK Insight team to look for clues about unreleased features.
However, not all businesses appear to feel the same way about users looking into their app’s code and files.
A Xiaomi developer has filed a proposal to the Android Open Source Project that would restrict Android device owners from taking APK files off of their phones, according to Mishaal Rahman on Twitter. The stated rationale is a desire to safeguard “private resources.”
Instead, the Xiaomi developer recommends that programs be distributed only through the Google Play Store or another reputable app store. Fortunately, Google appears to be very opposed to the proposal, though not always for the reasons you might think.
One Googler points out a weakness in Xiaomi’s proposal: it would and should only prevent APK files from being extracted on a standard (“user”) build of Android. In that case, the Googler believes that enthusiasts would just install a debug version of Android and extract APKs as usual.
By their reasoning, Xiaomi’s approach to protection would not genuinely safeguard anything, which is why they oppose it.
Google wants otherwise
Google promptly dismissed Xiaomi’s idea, stating that the contents of an .apk file should not be kept hidden, and that individuals who really want to extract an .apk can always use a debug build of Android.
There are numerous websites where you may download .apk files. Even if Xiaomi’s proposal were adopted, consumers would have little trouble circumventing the new restrictions. Just because Xiaomi wants APK extraction to cease does not mean it will.
Until Google decides otherwise, Android smartphone users can still extract and redistribute APK files. However, you should be cautious and only obtain APKs from trusted sources, as they may include malware.
This is also why, with its upcoming Android 13 operating system, Google will make APK installation more difficult. Apple, on the other hand, simply refuses to allow iPhone customers to install apps outside of the App Store because it considers sideloading to be a security risk. Apple had outlined in a document why iOS was more secure than Android for this reason.
Taking it a step further, several Googlers have spoken out against the notion that the contents of an APK file can ever be deemed private.
Can an APK ever be considered private?
The contents of an APK should not be expected to be kept hidden, in my opinion. I’m not sure why we would want it, and even if we did, there’s no way we could guarantee it, even with this adjustment.
Overall, it appears that Google is uninterested in making it more difficult to extract APK files from your device, which is a positive sign for the open future of Android’s app ecosystem.