When the Pixel 5 and 4a 5G were released, Google also updated a few of its first-party apps – the camera and recorder, to be specific. But when people with older Pixel phones tried to sideload these onto their phones, some came across a strange INSTALL_FAILED_VERIFICATION_FAILURE error message, even though the cryptographic signature matched and nothing should have stood in the way. We quickly found a workaround, but we did not really understand why the error appeared in the first place. Thanks to an investigation from our friends at XDA, we now have an idea of what is causing the problem.
While we initially assumed that the verification failure was a bug, XDA found evidence that it may be an intentional change. The publication examined the logs associated with the verification failures when installing Google Camera, which suggest what is happening:
We can see that the installation failed because the installer app (“INSTALLER_NAME”) does not match the Play Store (“com.android.vending”), a criterion that was never checked until now. The check was initiated by “AppIntegrityManagerServiceImpl”, part of Android’s new “App Integrity” control. It is intended to add a new layer of security on top of existing measures (such as cryptographic APK signatures) to keep rogue packages from taking the place of legitimate apps.
AppIntegrityManagerServiceImpl operates on a set of rules provided by Play services, which is why you can temporarily avoid the new security checks by uninstalling updates to Play services. The rules are probably not part of the pre-installed version of Play services and are not downloaded right away, so there is a window of time in which AppIntegrityManagerServiceImpl has no rules to work with and therefore allows installation from any source. Large parts of the new integrity check are obscured, so there may be further nuances to the matter, but this seems to be the core of what we are dealing with.
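To see which installer Android has recorded for a package, the value that the check described above compares with com.android.vending, the following added example (not code from Google, XDA or this article) parses the output of `adb shell pm list packages -i`. The sample output embedded in it is constructed for illustration, and the list of watched packages is an assumption.

```python
import re

PLAY_STORE = "com.android.vending"  # installer the article says the check expects

# Constructed sample of `adb shell pm list packages -i` output (not from the article).
SAMPLE = """\
package:com.google.android.GoogleCamera  installer=com.android.vending
package:com.google.android.apps.recorder  installer=com.google.android.packageinstaller
package:org.example.notes  installer=null
package:com.android.settings  installer=null
malformed line without installer
"""

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_installers(text):
    """Map package name -> recorded installer (None when none was recorded)."""
    result = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a package/installer line
        installer = m.group("installer")
        result[m.group("pkg")] = None if installer == "null" else installer
    return result


def not_from_play(installers, watched):
    """Return the watched packages whose recorded installer is not the Play Store.

    A watch list is used because pre-installed system apps also report no
    installer, so flagging every non-Play package would be mostly noise.
    """
    return {
        pkg: installers[pkg]
        for pkg in watched
        if pkg in installers and installers[pkg] != PLAY_STORE
    }


if __name__ == "__main__":
    # Assumed watch list: the two apps the article names.
    watched = ["com.google.android.GoogleCamera", "com.google.android.apps.recorder"]
    for pkg, inst in not_from_play(parse_installers(SAMPLE), watched).items():
        print(f"{pkg}: installer={inst or 'none recorded'}")
```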
XDA speculates that these changes are meant to protect people from installing the wrong version of an app on their phones. It is possible to install the wrong DPI variant of an app on your phone, which may break the interface, and there is at least one instance where you may lose features when you install the wrong version of an app, such as Live Caption on Pixel 4.
Google could extend this practice to more of its apps, but right now it seems that only apps that have switched to APK package format, such as Google Camera or Recorder, can be blocked by AppIntegrityManagerServiceImpl.
We’re still not quite sure what the implications of the new integrity check are, but it seems that our proposed workaround still allows most people to reliably sideload Google apps on Android 11, at least for now. Since the verification changes appear to be intentional, future updates may make sideloading system apps even more difficult, and at some point you may not be able to use a workaround at all.