Android 15 Elevates Security with Enhanced Confirmation Mode
As the Android 15 beta rolls out, Google has shed light on its commitment to privacy and security enhancements. Among these measures is the introduction of Enhanced Confirmation Mode (ECM), a feature designed to bolster the security surrounding app installation settings.
This mode complements the existing Restricted Settings feature introduced in Android 13, which limits the capabilities of apps installed from sources other than the Google Play Store. ECM specifically targets malicious sources that attempt to exploit the session-based installation API, which Android uses to verify whether an app originates from Google Play.
ECM employs an allowlist within system settings and cross-checks it against an XML file embedded in the factory image. Apps that fail to meet these criteria are denied access to sensitive data and services such as Accessibility and Notification Listener. A specific ECM dialog will notify users of these restrictions.
While it remains uncertain whether exemptions can be made for specific apps under ECM, as is possible with Restricted Settings, it is unclear how well-established third-party app stores like Amazon’s will be affected by these restrictions.
The ability to sideload apps on Android provides flexibility, but it also carries risks. Google’s efforts to enhance security through features like ECM strike a balance between protecting sensitive data and maintaining user choice in app installation.
The Android 15 beta is currently available to eligible devices, and further details on these security measures will be unveiled at Google I/O 2024. The official rollout of Android 15 is anticipated later in the year, with the exact timeline yet to be announced.
