Google has announced the rollout of two new non-negotiable security features for Android users who have also enrolled in the company’s Advanced Protection Program (APP).
What is the Advanced Protection Program?
In late 2017, Google decided to provide additional security for those who are at an elevated risk of targeted attacks – e.g., journalists, human rights and civil society activists, campaign staffers, people in abusive relationships, etc. – and are willing to trade off a bit of convenience for more protection.
Initially offered only for consumer/personal Google accounts, in 2019 the program was made available for G Suite accounts, so that high-risk employees such as IT admins, executives, and employees in regulated or high-risk verticals such as finance or government can better secure their email accounts.
Users who enroll must use a physical security key (or their Android, iPhone or iPad device) to gain access their account, are not able to use untrusted third-party apps that require access to their email account, must go through a stricter account recovery process, have some download protections from Google Safe Browsing (when signed into Google Chrome with the same identity), and their accounts have enhanced email scanning for threats.
The new Google Advanced Protection security features
On Wednesday, Google said that the company is now automatically turning Google Play Protect on for all devices with a Google Account enrolled in Advanced Protection and will require that it remain enabled.
Google Play Protect is a security suite for Android devices that scans and verifies apps users want to download/ have downloaded from Google Play and third-party app stores, periodically scans the device for potentially malicious apps, and more.
Google will now also start blocking most apps that come from third-party app stores from being installed on any devices with a Google Account enrolled in Advanced Protection.
“You can still install non-Play apps through app stores that were pre-installed by the device manufacturer and through Android Debug Bridge. Any apps that you’ve already installed from sources outside of Google Play will not be removed and can still be updated,” explained Roman Kirillov, Engineering Manager, Android Security and Privacy.
“G Suite users enrolled in the Advanced Protection Program will not get these new Android protections for now; however, equivalent protections are available as part of endpoint management.”