Android: Difference between revisions

Line 33:

===Apps cannot run writable files===

Apps targeting Android 10 are not allowed to execute files from their "home" folder, as this is enforced by the system.<ref>{{Cite web |author= |title=Behavior changes: apps targeting API 29+

|url=https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |website=Android |date= |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260209004831/https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |archive-date=9 Feb 2026}}</ref> While "targeting" any version is an opt-in choice, [[Google Play]] policy forbids apps that target old Android versions.<ref>{{Cite web |author= |title=Meet Google Play's target API level requirement |url=https://developer.android.com/google/play/requirements/target-sdk |website=Android |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030349/https://developer.android.com/google/play/requirements/target-sdk |archive-date=18 Mar 2026}}</ref><ref>{{Cite web |author= |title=Google Play's Target API Level Policy |url=https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260211153736/https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |archive-date=11 Feb 2026}}</ref><ref>{{Cite web |author= |title=Target API level requirements for Google Play apps |url=https://support.google.com/googleplay/android-developer/answer/11926878 |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030448/https://support.google.com/googleplay/android-developer/answer/11926878 |archive-date=18 Mar 2026}}</ref> This negatively impacts apps such as {{Wplink|Termux}},<ref>{{Cite web |author=n0n3m4 |title=No more exec from data folder on targetAPI >= Android Q |url=https://github.com/termux/termux-app/issues/1072 |website=[[GitHub]] |date=18 Mar 2019 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024821/https://github.com/termux/termux-app/issues/1072 |archive-date=15 Mar 2026}}</ref> which must be "[[Sideloading|sideloaded]]" so that the policy is not applicable, otherwise they must find a way to bypass it (risking legal issues).<ref>{{Cite web |last=Kang  |first=Jinoh |title=Revisit the Android W^X problem |url=https://github.com/termux/termux-app/issues/2155 |website=[[GitHub]] |date=3 Jul 2021 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024819/https://github.com/termux/termux-app/issues/2155 |archive-date=15 Mar 2026}}</ref>

|url=https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |website=Android |date= |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260209004831/https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |archive-date=9 Feb 2026}}</ref> While "targeting" any version is an opt-in choice, [[Google Play Store]] policy forbids apps that target old Android versions.<ref>{{Cite web |author= |title=Meet Google Play's target API level requirement |url=https://developer.android.com/google/play/requirements/target-sdk |website=Android |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030349/https://developer.android.com/google/play/requirements/target-sdk |archive-date=18 Mar 2026}}</ref><ref>{{Cite web |author= |title=Google Play's Target API Level Policy |url=https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260211153736/https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |archive-date=11 Feb 2026}}</ref><ref>{{Cite web |author= |title=Target API level requirements for Google Play apps |url=https://support.google.com/googleplay/android-developer/answer/11926878 |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030448/https://support.google.com/googleplay/android-developer/answer/11926878 |archive-date=18 Mar 2026}}</ref> This negatively impacts apps such as {{Wplink|Termux}},<ref>{{Cite web |author=n0n3m4 |title=No more exec from data folder on targetAPI >= Android Q |url=https://github.com/termux/termux-app/issues/1072 |website=[[GitHub]] |date=18 Mar 2019 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024821/https://github.com/termux/termux-app/issues/1072 |archive-date=15 Mar 2026}}</ref> which must be "[[Sideloading|sideloaded]]" so that the policy is not applicable, otherwise they must find a way to bypass it (risking legal issues).<ref>{{Cite web |last=Kang  |first=Jinoh |title=Revisit the Android W^X problem |url=https://github.com/termux/termux-app/issues/2155 |website=[[GitHub]] |date=3 Jul 2021 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024819/https://github.com/termux/termux-app/issues/2155 |archive-date=15 Mar 2026}}</ref>

===Blocking sideloading of unverified Android apps (''2026—2027'')===

Google announced in August 2025 that starting September 2026, unmodified Android devices in Brazil, Indonesia, Singapore and Thailand will no longer be allowed to install applications outside of the [[Google Play]] ~~store~~ unless the developer has verified their identity with Google. The policy is aimed to be enforced world-wide in 2027.<ref>{{Cite web |last=Whitwam |first=Ryan |title=Google will block sideloading of unverified Android apps starting next year |url=https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |website=ArsTechnica |date=26 Aug 2025 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250826032858/https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |archive-date=26 Aug 2025}}</ref><ref>{{Cite web |author=DoorStepSamm |title=Google's plan to end sideloading on Android

Google announced in August 2025 that starting September 2026, unmodified Android devices in Brazil, Indonesia, Singapore and Thailand will no longer be allowed to install applications outside of the [[Google Play Store]] unless the developer has verified their identity with Google. The policy is aimed to be enforced world-wide in 2027.<ref>{{Cite web |last=Whitwam |first=Ryan |title=Google will block sideloading of unverified Android apps starting next year |url=https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |website=ArsTechnica |date=26 Aug 2025 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250826032858/https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |archive-date=26 Aug 2025}}</ref><ref>{{Cite web |author=DoorStepSamm |title=Google's plan to end sideloading on Android

|url=https://xdaforums.com/t/googles-plan-to-end-sideloading-on-android.4756353/ |website=XDA |date=26 Aug 2025 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260409033222/https://xdaforums.com/t/ongoing-september-2026-googles-plan-to-end-sideloading-on-android.4756353/ |archive-date=9 Apr 2026}}</ref> Devices without [[Google Mobile Services]] (GMS) or running a third-party {{Wplink|Read-only memory|ROM}} will be unaffected. However it's hard for users to bypass or spoof [[Google Play Integrity API|Google Play Integrity]] to hide their ROM or [[Jailbreak|root]] status to use utility apps such as most of banking apps.<ref>{{Cite web |author=HippoMan |title=[Discussion] The root-and-mod-hiding/fingerprint-spoofing/keybox-stealing cat-and-mouse game |url=https://xdaforums.com/t/discussion-the-root-and-mod-hiding-fingerprint-spoofing-keybox-stealing-cat-and-mouse-game.4425939/ |website=XDA |date=3 Apr 2022 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250823095950/https://xdaforums.com/t/discussion-the-root-and-mod-hiding-fingerprint-spoofing-keybox-stealing-cat-and-mouse-game.4425939/ |archive-date=23 Aug 2025}}</ref>

@@ Line 33: / Line 33: @@
 ===Apps cannot run writable files===
 Apps targeting Android 10 are not allowed to execute files from their "home" folder, as this is enforced by the system.<ref>{{Cite web |author= |title=Behavior changes: apps targeting API 29+
-|url=https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |website=Android |date= |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260209004831/https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |archive-date=9 Feb 2026}}</ref> While "targeting" any version is an opt-in choice, [[Google Play]] policy forbids apps that target old Android versions.<ref>{{Cite web |author= |title=Meet Google Play's target API level requirement |url=https://developer.android.com/google/play/requirements/target-sdk |website=Android |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030349/https://developer.android.com/google/play/requirements/target-sdk |archive-date=18 Mar 2026}}</ref><ref>{{Cite web |author= |title=Google Play's Target API Level Policy |url=https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260211153736/https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |archive-date=11 Feb 2026}}</ref><ref>{{Cite web |author= |title=Target API level requirements for Google Play apps |url=https://support.google.com/googleplay/android-developer/answer/11926878 |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030448/https://support.google.com/googleplay/android-developer/answer/11926878 |archive-date=18 Mar 2026}}</ref> This negatively impacts apps such as {{Wplink|Termux}},<ref>{{Cite web |author=n0n3m4 |title=No more exec from data folder on targetAPI >= Android Q |url=https://github.com/termux/termux-app/issues/1072 |website=[[GitHub]] |date=18 Mar 2019 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024821/https://github.com/termux/termux-app/issues/1072 |archive-date=15 Mar 2026}}</ref> which must be "[[Sideloading|sideloaded]]" so that the policy is not applicable, otherwise they must find a way to bypass it (risking legal issues).<ref>{{Cite web |last=Kang <!-- Display name is "iamahuman" as of 8 Apr 2026. -Sojourna --> |first=Jinoh |title=Revisit the Android W^X problem |url=https://github.com/termux/termux-app/issues/2155 |website=[[GitHub]] |date=3 Jul 2021 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024819/https://github.com/termux/termux-app/issues/2155 |archive-date=15 Mar 2026}}</ref>
+|url=https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |website=Android |date= |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260209004831/https://developer.android.com/about/versions/10/behavior-changes-10#execute-permission |archive-date=9 Feb 2026}}</ref> While "targeting" any version is an opt-in choice, [[Google Play Store]] policy forbids apps that target old Android versions.<ref>{{Cite web |author= |title=Meet Google Play's target API level requirement |url=https://developer.android.com/google/play/requirements/target-sdk |website=Android |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030349/https://developer.android.com/google/play/requirements/target-sdk |archive-date=18 Mar 2026}}</ref><ref>{{Cite web |author= |title=Google Play's Target API Level Policy |url=https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260211153736/https://support.google.com/googleplay/android-developer/answer/16561298?hl=en |archive-date=11 Feb 2026}}</ref><ref>{{Cite web |author= |title=Target API level requirements for Google Play apps |url=https://support.google.com/googleplay/android-developer/answer/11926878 |website=[[Google]] |date= |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260318030448/https://support.google.com/googleplay/android-developer/answer/11926878 |archive-date=18 Mar 2026}}</ref> This negatively impacts apps such as {{Wplink|Termux}},<ref>{{Cite web |author=n0n3m4 |title=No more exec from data folder on targetAPI >= Android Q |url=https://github.com/termux/termux-app/issues/1072 |website=[[GitHub]] |date=18 Mar 2019 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024821/https://github.com/termux/termux-app/issues/1072 |archive-date=15 Mar 2026}}</ref> which must be "[[Sideloading|sideloaded]]" so that the policy is not applicable, otherwise they must find a way to bypass it (risking legal issues).<ref>{{Cite web |last=Kang <!-- Display name is "iamahuman" as of 8 Apr 2026. -Sojourna --> |first=Jinoh |title=Revisit the Android W^X problem |url=https://github.com/termux/termux-app/issues/2155 |website=[[GitHub]] |date=3 Jul 2021 |access-date=2 Mar 2026 |url-status=live |archive-url=https://web.archive.org/web/20260315024819/https://github.com/termux/termux-app/issues/2155 |archive-date=15 Mar 2026}}</ref>
 ===Blocking sideloading of unverified Android apps (''2026—2027'')===
 {{Main|Google Android restrict app sideloading}}
-Google announced in August 2025 that starting September 2026, unmodified Android devices in Brazil, Indonesia, Singapore and Thailand will no longer be allowed to install applications outside of the [[Google Play]] store unless the developer has verified their identity with Google. The policy is aimed to be enforced world-wide in 2027.<ref>{{Cite web |last=Whitwam |first=Ryan |title=Google will block sideloading of unverified Android apps starting next year |url=https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |website=ArsTechnica |date=26 Aug 2025 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250826032858/https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |archive-date=26 Aug 2025}}</ref><ref>{{Cite web |author=DoorStepSamm |title=Google's plan to end sideloading on Android
+Google announced in August 2025 that starting September 2026, unmodified Android devices in Brazil, Indonesia, Singapore and Thailand will no longer be allowed to install applications outside of the [[Google Play Store]] unless the developer has verified their identity with Google. The policy is aimed to be enforced world-wide in 2027.<ref>{{Cite web |last=Whitwam |first=Ryan |title=Google will block sideloading of unverified Android apps starting next year |url=https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |website=ArsTechnica |date=26 Aug 2025 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250826032858/https://arstechnica.com/gadgets/2025/08/google-will-block-sideloading-of-unverified-android-apps-starting-next-year/ |archive-date=26 Aug 2025}}</ref><ref>{{Cite web |author=DoorStepSamm |title=Google's plan to end sideloading on Android
 |url=https://xdaforums.com/t/googles-plan-to-end-sideloading-on-android.4756353/ |website=XDA |date=26 Aug 2025 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20260409033222/https://xdaforums.com/t/ongoing-september-2026-googles-plan-to-end-sideloading-on-android.4756353/ |archive-date=9 Apr 2026}}</ref> Devices without [[Google Mobile Services]] (GMS) or running a third-party {{Wplink|Read-only memory|ROM}} will be unaffected. However it's hard for users to bypass or spoof [[Google Play Integrity API|Google Play Integrity]] to hide their ROM or [[Jailbreak|root]] status to use utility apps such as most of banking apps.<ref>{{Cite web |author=HippoMan |title=[Discussion] The root-and-mod-hiding/fingerprint-spoofing/keybox-stealing cat-and-mouse game |url=https://xdaforums.com/t/discussion-the-root-and-mod-hiding-fingerprint-spoofing-keybox-stealing-cat-and-mouse-game.4425939/ |website=XDA |date=3 Apr 2022 |access-date=8 Apr 2026 |url-status=live |archive-url=https://web.archive.org/web/20250823095950/https://xdaforums.com/t/discussion-the-root-and-mod-hiding-fingerprint-spoofing-keybox-stealing-cat-and-mouse-game.4425939/ |archive-date=23 Aug 2025}}</ref>