Google Play is adding something new to its security mechanisms to strengthen app security and authenticity. It comes in the form of app security metadata, which will be used to verify that an app was indeed distributed by the Play Store. This will also benefit app developers and people who constantly share apps via peer-to-peer channels: the metadata ensures the apps will be handled by the Play Store (updates, security) even if they are passed from one device to another.
Google seems to be doing this server-side, as developers are assured that they won’t have to do anything special to make this happen. Google will be increasing the APK size to insert the security metadata within the package (APK is the standard packaging file type for apps from the Play Store, if you don’t know yet).
So all apps that were originally downloaded from the Play Store, even if they have been passed around from device to device via peer-to-peer methods, will still be authenticated as legitimate Play Store apps and will be eligible for app updates from the Play Store once the user goes online. In the future, apps obtained through Play-approved distribution channels will be marked as authentic, even while the device is offline.
For app developers, this means that you can download your APK from the Play Store and pass it around, because the metadata will take care of the authentication as a legitimate Play Store-approved app.