By now, you've probably heard all about the changes introduced with Google's Android 4.3 release. But those fresh features and bits of polish are only part of the story. One of Google's biggest changes to the Android platform is actually happening outside of the operating system -- and it's affecting almost every Android device in the world.
It's the widespread launch of a universal app-scanning system -- a system that watches your device for any new application, even one loaded directly onto the device ("sideloaded") from outside of the Google Play Store, and instantly checks the app for malicious or potentially harmful code.
That's huge. And while we've been busy focusing on new devices and fun features, Google's been busy making sure every Android user has that system on his phone -- whether he realizes it or not.
Google initially launched the feature, known as Verify Apps, with Android 4.2 last November (Android VP of Engineering Hiroshi Lockheimer discussed it with me exclusively at the time).
Now, Google has pulled the program out of the OS and made it automatically available to every device running Android 2.3 or higher. That covers almost every phone and tablet out there -- about 95 percent of the actively running products, according to Google's latest platform measurements.
How did that happen? Simple: Google made the code a part of Google Play Services, a standalone utility that's updated regularly behind-the-scenes by Google -- independent of any manufacturer or carrier rollouts. It's part of the ongoing deconstruction of Android that we've been talking about for a while now.
The new system works alongside an automated scanning system that's been in place since early 2012 for all apps on the Google Play Store. With the new device-level scanning added into the picture, that means every app you put on your phone -- whether from the Play Store or from an unofficial third-party source -- is now scanned, analyzed, and compared to a massive database of malicious code, all in a fraction of a second.
On the Play Store side, if something is flagged as problematic, it won't be published. On your device, if a red flag comes up -- even just for something as seemingly innocuous as an app that might send SMS messages on your behalf without your knowledge -- the system will warn you and recommend you avoid proceeding with the installation.
"We wanted to make sure those protections were available even for users who were choosing to install applications from a source other than Google Play," Android Security Engineer Adrian Ludwig tells me. "It's always been a focus for Android to make sure that we're supporting an open ecosystem and that it's possible for users to get applications that developers, for any number of reasons, aren't distributing through [the official Play Store channel]."