Google Now Blocking GApps On Uncertified Devices, Custom ROMs Safe

Updated on

Google has now reportedly started to crack down on the uncertified devices running Android OS. The search giant is blocking such devices to run its apps – popularly known as GApps.

According to the reports, the tech giant is quietly restricting the access to its apps on uncertified devices – such as Amazon’s Fire OS tablets and most Chinese phones sold in China. The uncertified devices that fall into this category are the ones with firmware built after March 16, according to XDA-Developers. Now, if a user owns such a device, they would get a warning message saying that their device is “not certified” and so it can’t sign into a Google account.

For custom ROM users, however, there is some respite. Such users will be allowed to access GApps, but they will need to register their device IDs every time they go for a factory reset, notes Engadget. Possibly, such users will also be blocked after a certain limit. Currently, there are reports that such users can do this up to 100 times. As of now, there has been no comments from Google over the development.

It is believed that Google has taken such a step to plug a loophole that has existed for a long time. Usually, OEM’s enter into an agreement with the search giant for the GApps. However, some OEM’s (usually smaller ones) don’t go through Google’s certification process, but still pre-load GApps on the devices. For the end-users it doesn’t change anything. Some OEM’s even ship the phones without GApps, but ask users to sideload them.

This is not a sudden decision by the company. The search giant has been sending warnings to the device makers for at least a year now. Some users have come across such warnings when booting up their devices, notes 9to5google. Now, it appears the search giant looks determined to fix this loophole. Now, the device makers will need to follow the Android Compatibility Definition Document.

In separate news, a new malware has been found embedded in the Play Store apps. According to SophosLabs, seven QR code readers on the Play Store may have been infected with the malware. Apart from the QR code readers, one smart compass could have also been infected. This new malware – referred to as Andr/HiddnAd-AJ – plays ads on your handset.

Initially, the malware will remain quiet, giving you a “false sense of security.” After a few hours, it will start showing full-screen ads, along with sending notifications with links to the ads. The apps embedded with the malware were downloaded 500,000 times before Google deleted them from the Play Store, says Sophos Labs.

Such apps were able to exist for so long because they escaped Google’s scanning by hiding the malicious code in the regular Android app code. So, the search giant will surely learn from this episode and refine its checks to ensure that such malware doesn’t make it to the Play Store again.

“By adding an innocent-looking ‘graphics’ subcomponent to a collection of programming routines that you’d expect to find in a regular Android program, the adware engine inside the app is effectively hiding in plain sight,” Sophos said in a blog post.

In another data privacy news related to Android, a research report by AdGuard claims that many popular Android apps send information to Facebook. These apps send data even if a user does not have an account with the social networking giant. The findings could again spell trouble for Facebook, which is already neck deep in the controversies surrounding sharing and collecting user data.

AdGuard, in its study, analyzed the network activities and the type of data sent to third-party servers of the top 2,556 Android apps. According to AdGuard, 41% of these apps were embedded with the Facebook Audience Network, which is a tool to analyze user behavior and help developers monetize the apps by showing ads. “Well, it is Facebook who does the ‘analyze’ part — effectively, you are sharing your data with the social network giant even if you haven’t used it once in your life, just by installing some other app and giving it permissions,” says AdGuard.

A user, however, can easily end this sharing. All they have to do is add the address – graph.facebook.com (where all the data is deposited) – to the content blocker. The bad news, however, is that Facebook is not the only company that collects information like this. AdGuard claims that 88% of the apps connect to third-party servers, and about 61% transfer private information.

Leave a Comment