Improving Android security

One of the defining features of the Android operating system is its freedom to load any application you want. Most people stick to the Google Play store, but sometimes one may want to load a custom app downloaded from another source. This process is called sideloading, and is the reason Android is the only major smartphone OS with any significant amount of malware.

The latest release of Android (4.2) is trying to fix that.

This is undoubtedly a positive development in Android. The new security system automatically checks sideloaded apps against Google’s servers and warns users if the app is either known to be bad or raises any flags.

There are two caveats in my mind.

First, the system is signature-based. That means they are comparing the code to a known list, and although this is effective at stopping a lot of threats, it will lead malware developers to generate polymorphic code that can avoid signature detection. Now, the description of the security system indicates that it will also warn users about apps that don’t fit a signature but may be harmful anyway. I’m not certain how that is going to be implemented, but if it is overly cautious in warning users, they will end up ignoring those warnings.

The second issue is with Android’s broken update process. Because Android phones go through manufacturer modifications followed by carrier modifications, receiving timely updates to the phone is nigh impossible (apart from the Nexus line, which is never modified from stock Android). So, even though there is a nice new security enhancement to Android, it will probably be 2-3 years before we can expect to see even half of the installed base running 4.2 or higher.


