Android blocks installation of apps from third-party sources. Why is this important?

^{Source: androidauthority.com}

Let me say right away that this is not a centralized blocking by Google itself. No, the company simply allowed software developers themselves to close the ability to download their applications from third-party sources. Including installation via APK files. It may well be that some developers of commercial applications popular among users can take advantage of this opportunity. What happened and what could this lead to?

What's happening

Android app developers can now block the installation of their software from third-party sources. That is, the creator of a program can allow its installation only from Google Play. It is even possible to prohibit the installation from APK files, which has long been familiar to many. And this can have a significant impact on the balance of power in the Android app ecosystem.

Over the 16 years of Android OS existence, users have become accustomed to the fact that almost any application can be installed from anywhere. Or rather, from any place where it exists, including downloading an APK file. Very often, this feature is cited as an advantage of Android over iOS. Administrators of the iOS application catalog can block any application at any time – and there is nothing they can do about it. There is no easy way to install an application that is not in the App Store.

Now, roughly the same thing can happen with Android. Of course, the administration of the application catalog can also delete the program, but previously such software could be downloaded from somewhere else anyway. There are also a lot of different alternative program catalogs, including RuStore. Now, if the developer of a popular application wants to block downloading software from alternative sources, users will have difficulties.

Google, as far as we can tell, is gradually implementing a policy of tying users to a specific catalog of applications – its catalog, Google Play. This is done by adding a set of Play Integrity API commands, to which developers now have full access. To access the Play Integrity API, the standard Android SDK is used with the appropriate libraries. Sample code for initializing an API call:

PlayIntegrityManager integrityManager = PlayIntegrityManagerFactory.create(context);
IntegrityTokenRequest integrityTokenRequest = IntegrityTokenRequest.builder()
    .setNonce(nonce) // Генерация уникального nonce для каждого запроса
    .build();

integrityManager.requestIntegrityToken(integrityTokenRequest)
    .addOnSuccessListener(new OnSuccessListener<IntegrityTokenResponse>() {
        @Override
        public void onSuccess(IntegrityTokenResponse integrityTokenResponse) {
            String integrityToken = integrityTokenResponse.token(); 
            // Отправка токена на сервер для валидации
        }
    })
    .addOnFailureListener(new OnFailureListener() {
        @Override
        public void onFailure(Exception e) {
            // Обработка ошибок
        }
    });

Play Integrity API Key Goals According to Google

According to Google, the Play Integrity API aims to improve the safety and security of apps and devices, ultimately making the Android ecosystem safer for everyday users.

Android OS program creators may not use these commands. But, on the other hand, there are those who want to get more money by installing from an official source.

Why is this change so important?

The thing is that there are many more Android users than iOS users. Android's market share is 71.67% versus iOS's 21.73%. Accordingly, the changes could affect tens of millions of users. And most likely, they will.

The problem is not new: Google unveiled new tools at Google I/O 2024 and made them available to everyone just four months later. This was probably done because there were requests from game and software makers for anti-piracy measures. The company probably didn’t want to use centralized methods of blocking apps like iOS. So, after some thought, the company decided to provide developers with a standalone tool that prevents pirated copies of software from being downloaded.

It turns out that the developer himself can decide what level of restrictions to apply and how to deal with his own software. This is very different from what is in iOS – there is centralized catalog management from day one, and all developers are subject to Apple's policy regarding software installation.

Here it is worth remembering that most major Android device suppliers have their own application catalog: GetApps for Xiaomi, AppGallery for Huawei, Galaxy Store for Samsung, and in the Russian Federation it is RuStore, which is currently relevant for many users. And if all these third-party catalogs stop working, then large companies will face claims from their customers, because the sold phones are valuable, first of all, due to the ability to install any applications.

Experts believe that the problem will worsen over time as the number of developers using the Play Integrity API increases. In the opinion of representatives of the Android Authority portal, some developers have already implemented new tools. For example, we are talking about Tesco and BeyBlade X, as well as the game Diablo Immortal.

Of course, it may well be that the craftsmen will quickly figure out the Play Integrity API and specialized utilities will start to appear. But still, this narrows the range of possibilities for Android users – not all of them are technically savvy. In any case, in order to understand the impact of new tools in Android OS, you need to wait for six months or a year.