IBM Mobile Foundation Product Advisory - Possible impact on extended app authenticity due to Android changes
Neeti Sukhtankar January 22, 2018
MobileFirst_Foundation Advisory App_Authenticity
In Dec 2017, Google announced that starting 2018 they will start adding a small amount of security metadata on top of each APK to verify that it was officially distributed by Google Play. This metadata is intended to provide a badge of authenticity for apps distributed via the Google Play Store. You can read more about the announcement in the Android Developers Blog here.
For apps running on IBM Mobile Foundation v7.1 or earlier, the addition of this metadata could alter the app binary, and possibly cause the extended app authenticity check to fail. This change is not likely to affect our basic app authenticity capability (available in Mobile Foundation v7.1 and earlier) or the static or dynamic app authenticity capability (available in Mobile Foundation v8.0). For more information about basic and extended app authenticity, see here.
After Google releases this feature (no firm date yet), the Mobile Foundation team will test and assess the impact of this change on our extended app authenticity feature, and take the necessary remedial action, if any. We will keep you advised of any impact, and any actions that you might need to take. For now, this is an advisory notification and no action is needed from you.
Inclusive terminology note: The Mobile First Platform team is making changes to support the IBM® initiative to replace racially biased and other discriminatory language in our code and content with more inclusive language. While IBM values the use of inclusive language, terms that are outside of IBM's direct influence are sometimes required for the sake of maintaining user understanding. As other industry leaders join IBM in embracing the use of inclusive language, IBM will continue to update the documentation to reflect those changes.