Android 15 could quarantine misbehaving apps – Android Authority

The Android operating system provides robust protection against malicious and misbehaving applications. Even so, bad apps sometimes slip through the cracks, in which case Google Play Protect can step in and remove them automatically. Like any advanced anti-malware software, Play Protect will not be 100% accurate in its detections, so it usually errs on the side of caution and asks the user if they want to remove a potentially dangerous application. With the upcoming Android 15 update, the system could add a new way for services like Play Protect to protect users from misbehaving apps: by quarantining them.

If you’ve ever used antivirus software on desktop operating systems like Windows, you may be familiar with the concept of software quarantine. When antivirus software quarantines a file, it is because it suspects it is malicious but is either unable to delete it or leaves the decision up to the user because they do not know not if the file is actually malicious. Quarantined files are isolated from the rest of the system so that they cannot be executed, ensuring that malware potentially found there cannot do any dirty work.

The traditional concept of software quarantine doesn’t really exist in Android, mainly because the operating system was designed from the ground up to be virus-proof. Applications cannot gain system-level access, are sandboxed by default, and can only communicate with each other using well-defined APIs that they can only access if they have well-defined permissions. defined. This is why you don’t really need to download a third-party antivirus or anti-malware app for Android. Since Android doesn’t work the same way as Windows, it’s no surprise that software quarantine on Android works a little differently than it does on Windows.

Android 15 app quarantine: how it might work

When an app is quarantined on Android, it behaves differently than a non-quarantined app. It will still be visible in the user’s home screen launcher and Android settings, but some restrictions will apply:

1. Notifications from it will not be displayed
2. All its windows will be hidden and activities already started will be stopped
3. He will not be able to ring the device
4. Its services cannot be queried by other applications (although its activities can)
5. It cannot be linked to or receive broadcasts from the system or other applications
6. It cannot be resolved (i.e. it will not appear in the intent disambiguation dialog)

Quarantined apps therefore act the same as disabled apps, although disabled apps do not appear in the home screen launcher. Quarantining an app is also equivalent to suspending it, an action taken by the Digital Wellbeing service to suspend troublesome apps, except that individual components of quarantined apps may behave as disabled, as mentioned previously. So, it is safe to say that the new quarantine state falls somewhere between the existing suspended and disabled states.

In fact, the APIs used to quarantine an application are the same as those used to suspend an application, except that an additional flag is passed. During testing and development of this feature, system applications with the SUSPEND_APPS permission were allowed to quarantine apps, but the methods in question have since been updated to require use of the new QUARANTINE_APPS authorisation. This permission can only be held by the system’s “verifier” application or by an application signed with the same certificate used to sign the operating system. Thus, only services like Play Protect, which is part of the Google Play Store, will be able to quarantine applications.

Unfortunately, I don’t know when Google will actually launch this new feature. I first spotted evidence of app quarantine in Android 14 QPR2 Beta 1 back in November, but the developers page for “Quarantine Apps” has since been removed. The feature flag to support OS-level application quarantine is still present, but there is no way to quarantine applications manually, even via the command line. Additionally, neither the Google Play Store nor Google Play Services apps currently request the QUARANTINE_APPS authorisation. So, it is entirely possible that this feature will not be launched in Android 15 but will be found in a future version.

When App Quarantine launches, the UI shown above will likely be slightly changed. Applications calling the API to suspend or quarantine an application can customize the dialog box that appears to the user when attempting to launch a suspended or quarantined application. Whichever system app ends up implementing Android’s app quarantine feature will likely customize the dialog to say something like: “[X] the app has been quarantined for your safety,” followed by an explanation of why it was quarantined.

Although Android hasn’t needed an app quarantine feature for a long time, I’m still happy to see it added, because it’s impossible for services like Play Protect to be 100% accurate, even if this system does a very good job of detecting malware. and misbehaving applications.