Android 8.0 has introduced a new way to protect devices from malicious Android apps installed from the web or third-party app stores.
Until now, Android users could install apps from places other than Google’s Play Store by enabling ‘Install from unknown sources’ in Android Settings. Though it is a convenient option, users are generally not recommended to enable this feature because it can lead to malicious apps being downloaded to their phone.
Moreover, users who enabled ‘Allow unknown sources’ were still exposed to a benign app offering a bogus security update that in fact installs a malicious app. Google calls these “hostile downloaders” and, according to its 2016 Android security report, they’re the second most prevalent threat on the Play Store following Trojans.
In Android Oreo, Google eschewed the setting for a new ‘Install unknown apps‘ permission that’s tied to each app.
Android Oreo users will need to grant permission to each app to allow it to download apps from untrusted sources. So, the user could enable Drive and a third-party store app to download apps outside the Play Store, but block Chrome and Gmail from downloading unknown apps.
This new per-app opt-in model should go some way to preventing hostile downloaders, given that now the user would need to give the app permission to install another app before a hostile downloader can install software with standard trickery.
The Settings app now lists which apps have been approved for installing unknown apps. Users can also revoke the permission in Settings.
Older versions of Android will continue to use the Settings page to either allow or disallow installs from outside of the Play Store.
Google has outlined changes that app developers need to make to use this new behavior. Essentially they’ll need to declare upfront that they could request permission to be able to install apps from Android’s Package Installer.
Apps that haven’t declared this permission are automatically banned from installing other apps.