The “Unknown Sources” security option in Android is known by many. This is what needs to be ticked in order to install apps downloaded from outside of the Google Play Store, whether it’s an app that hasn’t officially rolled out yet, an app not available in your region, APKs from one of the Humble Mobile Bundles, or something else.
In Android Oreo, Google has changed the way in which this works in order to make Android safer.
Rather than being a single switch for all unknown sources, this option now comes in the form of an individual Install Unknown Apps permission that needs to be approved each time you install an app downloaded from outside of Google Play. “When used on a device running Android O and higher, hostile downloaders cannot trick the user into installing an app without having first been given the go-ahead,” states Android Security Product Manager Edward Cunningham on the Android Developers blog.
This should mean that Oreo users won’t fall foul to installing a malicious app masquerading as something innocuous, just because they ticked a box for a completely different app sometime earlier. Like other permissions, a user can also revoke the Install Unknown Apps permission at any time.
This change follows a number of recent Google efforts aimed at tightening up Android security, such as its Play Protect suite, which began rolling out a few weeks ago.
As the owner of software that’s in operation on more than 2 billion devices, security is obviously an important issue for Google. In the post on the changes to unknown apps, Cunningham took the opportunity to reaffirm that the Play Store continues to be “one of the safest places” for Android users to install apps. Still, try to be mindful when installing anything on your phone.