Google could soon protect your Android device from dangerous PWAs and WebAPKs (APK teardown)
TL;DR Google could soon extend Play Protect to scan PWAs and WebAPKs during installation.
This new feature could protect users from malicious PWAs used for phishing and data theft.
Google has been silently protecting most Android devices through Google Play Protect, scanning the apps that users have installed, and warning them of nefarious ones. While platform-native apps remain the most popular method to access a service, Progressive Web Apps (PWAs) remain a good web-centric alternative. Unfortunately, bad actors will exploit any medium they can lay their hands on, and it becomes imperative for Google to protect its user base. We've now spotted code that suggests that Google Play Protect will start scanning Progressive Web Apps during installation to check for security issues, adding one more layer of security for users.
Authority Insights story on Android Authority. Discover
You're reading anstory on Android Authority. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won't find anywhere else.
An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
Google Play Store v46.9.20-31 includes the following code:
Code Copy Text PlayProtect__enable_gpp_install_verification_for_pwa
Here, PWA refers to Progressive Web Apps. The flag would enable Play Protect to verify the PWAs during their installation. Yes, PWAs can be installed on a device, usually through an 'Add to Home screen' button from the browser app. If you do this through Chrome on Android, you get a WebAPK, which gives the PWA a space in your app drawer (in addition to the space on the home screen) and integrates it more deeply into the Android system than a regular PWA.
We also spotted code bits hinting at WebAPK scanning:
AssembleDebug / Android Authority
While the code mentions scanning PWAs and WebAPKs, it doesn't explain why Google would want to do so. There have been reports of malicious actors using PWAs and WebAPKs to phish and steal user information, so it's possible that Google could be aiming to protect its users from such phishing attempts by proactively warning them whenever a bad PWA or WebAPK is installed.
There are plenty of other questions to answer, like how PWA and WebAPK scanning would work if this does roll out. For usual apps distributed through the Play Store, Google already has an extensive database of apps against which it can check for tampering and other threats through Play Protect. Such a database is difficult to envisage for the entirety of the PWA universe, so we're curious to know how Google plans to approach this if it goes ahead.
PWA and WebAPK scanning are not currently available in Play Protect, and Google has not announced the feature either. We'll update you when we learn more.
Got a tip? Talk to us! Email our staff at
Email our staff at news@androidauthority.com . You can stay anonymous or get credit for the info, it's your choice.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
25 minutes ago
- Yahoo
House Democrats raise concerns about T-Mobile role in 'Trump Mobile' service
WASHINGTON (Reuters) -Three Democrats on the House Energy and Commerce Committee raised serious concerns about T-Mobile's involvement in the Trump Organization's self-branded mobile service and a $499 smartphone dubbed Trump Mobile. Representative Frank Pallone, the ranking member of the committee and two other committee members, asked T-Mobile CEO Mike Sievert to answer questions about the company's dealings with the Trump organization. "We are specifically concerned that T-Mobile's business relationship with the Trump Organization — while Donald Trump is serving as President of the United States — presents a conflict of interest that will harm the American people," they wrote in a letter Wednesday.
Yahoo
25 minutes ago
- Yahoo
Meta launches new teen safety features, removes 635,000 accounts that sexualize children
Instagram parent company Meta has introduced new safety features aimed at protecting teens who use its platforms, including information about accounts that message them and an option to block and report accounts with one tap. The company also announced Wednesday that it has removed thousands of accounts that were leaving sexualized comments or requesting sexual images from adult-run accounts of kids under 13. Of these, 135,000 were commenting and another 500,000 were linked to accounts that 'interacted inappropriately,' Meta said in a blog post. The heightened measures arrive as social media companies face increased scrutiny over how their platform affects the mental health and well-being of younger users. This includes protecting children from predatory adults and scammers who ask — then extort— them for nude images. Meta said teen users blocked more than a million accounts and reported another million after seeing a 'safety notice' that reminds people to 'be cautious in private messages and to block and report anything that makes them uncomfortable.' Earlier this year, Meta began to test the use of artificial intelligence to determine if kids are lying about their ages on Instagram, which is technically only allowed for those over 13. If it is determined that a user is misrepresenting their age, the account will automatically become a teen account, which has more restrictions than an adult account. Teen accounts are private by default. Private messages are restricted so teens can only receive them from people they follow or are already connected to. In 2024, the company made teen accounts private by default. Meta faces lawsuits from dozens of U.S. states that accuse it of harming young people and contributing to the youth mental health crisis by knowingly and deliberately designing features on Instagram and Facebook that addict children to its platforms. Solve the daily Crossword
Yahoo
25 minutes ago
- Yahoo
Cipher Mining (CIFR) Jumps Alongside Bitcoin Ahead of Q2 Results
We recently published . Cipher Mining Inc. (NASDAQ:CIFR) is one of Tuesday's top performers. Cipher Mining jumped by 11.04 percent on Tuesday to close at $6.94 apiece, tracking the rally in Bitcoin prices, while investors repositioned portfolios ahead of the release of its second quarter results. According to the company, it is slated to release the results of its financial and operational performance for the April to June period on August 7. A conference call will be held at 8 AM Eastern Time. As of this writing, prices of Bitcoin were up by 2.17 percent at nearly $120,000 apiece as investors grew more confident about the industry, with more financial institutions beginning to slowly adopt and offer cryptocurrency-related products. Earlier this month, Cipher Mining Inc. (NASDAQ:CIFR) said it was able to mine 160 Bitcoins and sold 58 last month, bringing its total ownership to 1,063. A close-up of a laptop with a Bitcoin ecosystem monitor running in the background. It said the Bitcoins were produced at an operating hash rate of 16.8 EH/s. In the third quarter, Cipher Mining Inc. (NASDAQ:CIFR) expects to ramp up its operational hash rate to around 23.1 EH/S with new mining rigs expected for delivery in scheduled batches. While we acknowledge the potential of CIFR as an investment, our conviction lies in the belief that some AI stocks hold greater promise for delivering higher returns and have limited downside risk. If you are looking for an extremely cheap AI stock that is also a major beneficiary of Trump tariffs and onshoring, see our free report on the .
