When Pixel 5 and 4a 5G were launched, Google also updated some of its original applications – the camera and the recorder, to be specific. But when people with older Pixel phones tried to transfer them to their phones, some encountered a strange INSTALL_FAILED_VERIFICATION_FAILURE error message, although the cryptographic signature matched and there was nothing in the way. We quickly found an alternative solution, but we never really understood why the error was showing up in the first place. Thanks to an investigation by our XDA friends, we now have an idea of what causes the problem.
Although we initially assumed that the verification flaw was a bug, XDA found evidence that it could be an intentional change. The publication examined the records associated with the verification failure error when installing the Google Camera, which gives a hint of what is happening:
|
We can see that the installation failed because the installer application (“INSTALLER_NAME”) does not match the Play Store (“com.android.vending”), a criterion that has never been verified until now. The scan was initiated by “AppIntegrityManagerServiceImpl”, a part of Android’s new “App Integrity” scanner. It’s supposed to add another layer of security on top of existing measures (like cryptographic APK signatures) to prevent rogue packages from taking the place of legitimate apps.
AppIntegrityManagerServiceImpl operates on a set of rules provided by Play services, which is why you can temporarily evade new security checks by uninstalling service updates – the rules are probably not part of the pre-installed version of the services and are not is downloaded immediately, so there is a period of time that AppIntegrityManagerServiceImpl has no rules to work with and therefore will allow installation of any source. Large parts of the new integrity checker are overshadowed, so there may be more nuances to the topic, but that seems to be the essence of what we are working on.
The XDA speculates that these changes are intended to protect people from installing the wrong version of an application on their phones. You can install the wrong DPI variant of an app on your phone, which can mess up the interface, and there is at least one instance where you can lose resources when installing the wrong version of an app, as Live Caption on Pixel 4.
Google could extend this practice to more of its apps, although it now appears that only apps that have switched to the APK package format can be blocked by AppIntegrityManagerServiceImpl, such as the Google Camera or Recorder.
We are still not sure what the implications of the new health checker are, but it seems that our proposed workaround still allows most people to sideload Google’s apps reliably on Android 11, at least for now. Since the verification changes appear to be intentional, it is possible that future updates will make loading system applications even more difficult, and you will not be able to use a workaround at some point.