Skip to main content

Google is adding DRM to Play Store apps for offline verification

app store reviews google play store

Google is adding small sections of security metadata to every app that makes it way through the Google Play Store, or other authorized app stores.

The addition comes as part of Google’s continued drive to make Android safer and more secure. 2017 saw Google take down over 700,000 malicious apps, with 99 percent of those apps being removed before any users installed them. That’s pretty good, but Google’s working hard to make sure the Play Store’s security is even more water-tight, and DRM seems to be the answer to that.

The word “DRM” — or “digital rights management” — leaves a sour taste in many mouths, and we’ve seen a bunch of companies do questionable things with their DRM over the years. However, it’s important to note what Google attempting to achieve with this addition, and how the DRM helps to keep Android devices safe. Google’s existing app verification methods require a device to be online, but with the addition of small sections of security metadata, Android phones can identify when an app has been verified by the Play Store’s security measures. If that security metadata is missing, then Android can warn the user that the app they’ve downloading doesn’t come from a legitimate source.

Why all this emphasis on offline verification? With certain markets having reached smartphone saturation levels, Google has shifted focus to developing markets, where smartphones populations are not as dense, and where Android has room to grow with variants like Android Go. Problem is, those areas can lack a consistent mobile data connection, or mobile data itself can be more expensive. Therefore, security measures that rely on a data connection simply won’t fly in those areas.

It seems that Google has come up with a pretty good way of sidestepping the data problem, though it remains to be seen how secure Google’s security metadata is — if the metadata can just be copied by malicious third-parties, then the DRM is pretty useless. Still, we imagine Google’s seen that problem coming, and taken steps to avoid it.

Still, while Google’s security has taken several giant leaps up in the last few years, there are still a few things that you, the user, can do to make sure you’re safe. Check out our list of tips on how to stay safe, and the best antivirus apps for Android.

Editors' Recommendations