Apps can now block sideloading easier and force downloads through Google Play

There&#x27;s no such thing as &quot;your Android phone&quot; - this phone is not really yours. Not just because Android acts against your interest, but also because you have no access to the TEE (which powers DRM for example).<p>Things will get even worse because Google is working on the AVF framework which includes so called &quot;protected VMs&quot; - of course they&#x27;re meant to be protected from you, the user. Their &quot;security&quot; (where you&#x27;re the &quot;attacker&quot;) is based on the TEE but also a so called &quot;protected vm firmware&quot;. In their design document they explicitly say that these protected VMs can provide &quot;security&quot; only with locked bootloader.. you probably know what that means..

Smart move, you&#x27;re not forcing the use of your app store if all major applications enable this of their own will

Seems like it&#x27;s going to get even more annoying to get apps for a country that you&#x27;re traveling in. So many apps you want to use as a tourist are geolocked

Note this can practically only be enforced by apps that communicate with a server. For pure client side apps, one can simply patch the code (albeit this won&#x27;t give them access to the saved data due to signature mismatch).<p>However, Google is developing a new obfuscation method called pairip (officially automatic integrity protection) that makes it really hard to patch apps by moving some java code to an encrypted vm riddled with checksums and anti debugging checks.. Fortunately &quot;really hard&quot; (and yes, the vm is crazy..) doesn&#x27;t mean impossible.<p>But for server side services, this will unfortunately serve its purpose.

[dupe]<p>More discussion: <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41515588">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=41515588</a>

<i>sigh</i> so no more cracked Spotify on Android, I guess. Too bad. A lot of the Android warez scene will take a huge hit from this.