Earlier this month, a change was discovered in the Google Play Store which may soon restrict application sideloading on devices that use Google’s Advanced Protection Program. The details regarding application sideloading restrictions are still a bit murky, but in my opinion, Google should have turned off the feature a long time ago.
As one of the first people to jump headfirst into the Android ecosystem when the original T-Mobile G1 went on sale, I can say that the ability to sideload applications was invaluable for early adopters. Installing applications on your own wasn’t a new concept at the time. Microsoft, Palm and RIM allowed users to download and install any application they could get their hands on, just like a Windows or Mac computer. After all, smartphones were miniature computers, so why shouldn’t users be able to install the applications they want on them?
In the early days, sideloading apps on Android was a godsend. While the early app store had most of the applications you needed, those who enjoyed modifying their phones took advantage of Android’s side-loading capabilities. The XDA-community was the first to kick off the app launcher theming crazy which often required modified apk files pulled from other smartphones.
Many of you will also recall that AT&T worked with Android manufacturers for a few years to disable sideloading applications on the devices that it sold. AT&T claimed that it wanted to restrict malware on the devices that it sold to its customers. Fortunately, AT&T lifted its ban in 2011.
A lot has changed between then and now. Android is now the dominant computing platform on the planet and there’s no evidence to suggest that it will change any time soon. If you don’t factor in China, the vast majority of users download and install all of their applications from the Play Store.
So why do I think Google should restrict application sideloading on Android?
My answer is pretty simple. Restricting the feature on Android would lead to better security on the platform and peace of mind for Android users. While it’s not necessarily true, Android is pegged as being more susceptible to malicious attacks and hacking than iOS. There are a lot of reasons for this, but Apple’s closed ecosystem through the App Store is one of the main reasons why iOS is viewed as being more secure.
Let’s be clear; I’m not suggesting Google should copy Apple’s approach and call it a day. Google should simply restrict application sideloading on Android so that there’s an extra level or two of security. The best option would be to tie sideloading applications back to Google Play so that the owner of the phone can authenticate the installation with their password, just like you would for a purchase through the Play Store. This tie in with the Play Store would also allow Google to use Google Play Protect to scan any applications for known malicious code before they are sideloaded.
To ensure as many users as possible are protected, this feature should be turned on by default. That being said, users should be given the option to turn it off at any time (with proper verification) so that they can install applications without going through the extra security checks.
Obviously, restricting application sideloading on Android by tying it back to the Play Store will not fix all of Android’s security problems. That being said, having an extra layer of security can never hurt. It’s still not clear what type of restrictions Google will be implementing for those who have signed up for its Advanced Protection Program. If the restrictions are beneficial for those who want to opt-in for additional security, Google should consider bringing them to all of its users.
What’s your take on restricting application sideloading on Android?