Aamir Siddiqui / Android Authority
TL;DR Google could soon extend Play Protect to scan PWAs and WebAPKs during installation.
This new feature could protect users from malicious PWAs used for phishing and data theft.
Google has been silently protecting most Android devices through Google Play Protect, scanning the apps that users have installed, and warning them of nefarious ones. While platform-native apps remain the most popular method to access a service, Progressive Web Apps (PWAs) remain a good web-centric alternative. Unfortunately, bad actors will exploit any medium they can lay their hands on, and it becomes imperative for Google to protect its user base. We’ve now spotted code that suggests that Google Play Protect will start scanning Progressive Web Apps during installation to check for security issues, adding one more layer of security for users.
Authority Insights story on Android Authority. Discover You're reading anstory on Android Authority. Discover Authority Insights for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won't find anywhere else. An APK teardown helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.
Google Play Store v46.9.20-31 includes the following code:
Code Copy Text PlayProtect__enable_gpp_install_verification_for_pwa
Here, PWA refers to Progressive Web Apps. The flag would enable Play Protect to verify the PWAs during their installation. Yes, PWAs can be installed on a device, usually through an “Add to Home screen” button from the browser app. If you do this through Chrome on Android, you get a WebAPK, which gives the PWA a space in your app drawer (in addition to the space on the home screen) and integrates it more deeply into the Android system than a regular PWA.
We also spotted code bits hinting at WebAPK scanning:
AssembleDebug / Android Authority
... continue reading