Summary
- Android 15 contains code for an Enhanced Confirmation Mode that would improve app installation security against malicious access to sensitive data.
- The new feature builds on the existing Restricted Settings feature introduced with Android 13.
- Enhanced Confirmation Mode is expected to use a system-level allowlist to check for certain apps that should still be able to access sensitive features like Accessibility or Notification Listener services.
While the Google Play Store is the primary platform for Android users to download their apps and games, the platform also allows users to obtain their apps from other sources, a process known as sideloading. This has been a long-standing advantage of Android over Apple’s iOS. However, with Apple adopting a more Android-like approach in Europe, the gap between the two operating systems is narrowing.
Android 15 could stop you from leaking sensitive content while screen sharing
The problem goes beyond oversharing in screen recordings — malicious apps are an issue too
Despite iOS’s traditionally complicated procedures for sideloading apps, the same process has always been pretty straightforward on Android. Nevertheless, Android still has some strict guidelines and security measures in place to prevent malicious apps from exploiting the user’s data and compromising their privacy. The operating system does this by checking the app’s access to Accessibility and Notification Listener APIs.
Reporting for Android Authority, Android expert Mishaal Rahman discovered that Google is working on a new feature called Enhanced Confirmation Mode for Android 15. This feature, which hasn’t yet gone live as of Android 15 Beta 1.1, is designed to further enhance the security of app installations. Rahman was able to glean more details about the feature by delving into the code.
Building on the existing Restricted Settings system
Before we delve into how the Enhanced Confirmation Mode works, it’s important to understand the functionality of Restricted Settings on Android.
Source: Android Authority – Mishaal Rahman
Starting from Android 13, Google has implemented a feature called Restricted Settings that prevents users from enabling Accessibility or Notification Listener services for apps installed through sideloading. This feature is designed to enhance data security by limiting the capabilities of apps obtained from sources other than the Google Play Store.
However, Google is not sitting idle. It’s actively developing what it’s calling Enhanced Confirmation Mode. This new feature is designed to counter the misuse of Android’s session-based installation APIs, the same system that Android relies upon to determine whether the app is downloaded from the Play Store or is sideloaded.
This is how Google’s new Enhanced Confirmation Mode works
The Enhanced Confirmation Mode, in alignment with the Restricted Settings, empowers you to block malicious apps’ access to your sensitive data. When you wish to enable Accessibility or Notification Listener services for an app, the ECM steps in, blocking the process and notifying you that “for your security, this setting is currently unavailable.”
The ECM further explains that “this app has requested the %1$s permission, which is a restricted setting because it can put your security & privacy at risk. Restriction to this permission may prevent this app from working.”
Source: Android Authority / Mishaal Rahman
Moreover, the Enhanced Confirmation Mode works by checking an allowlist in the /system/etc/sysconfig path of Android 15. This XML file, which is preloaded in the factory image, can indicate which apps should be allowed to bypass Android’s restrictions. The Enhanced Confirmation Mode relies on this allowlist to determine which apps are “trusted packages,” meaning they have been verified as safe and secure. Additionally, installers listed in the XML file and their related apps can bypass Enhanced Confirmation Mode restrictions.
This way, once a user tries to enable Accessibility or Notification Listener services for a sideloaded app, the ECM issues a dialog to let the user know whether the app can be trusted. Meanwhile, it remains to be seen whether Android 15 will allow you to exempt a sideloaded app from Enhanced Confirmation Mode restrictions. The current Restricted Settings do allow for this, but it’s important to note that doing so comes with certain risks. By exempting an app, you are essentially bypassing the security measures put in place by Google, which could potentially expose your device and data to malicious apps.
While Enhanced Confirmation Mode is a fantastic addition to Android, there are still some questions regarding the feature that need answers, such as whether it lets Play Store be listed as a trusted installer or which third-party app stores can be allowed. We can look forward to getting these answers as the feature starts to roll out to Android 15 users.
Source link
