Gradually vam you know deep details Android m, internal improvements which are not seen in the initial presentation but which is designed to improve aspects such as security or the management of system resources.
The new version of Android has already been revealing many novelties in the hands of developers, but so far had not paid special attention to the security enhancements, as the hardening of the validation of inspirational implemented by Google.
Some think if not doing this already, and is true that Android already valid the APK installed always, although a strict validation which will prevent unwanted alterations in installed applications will be added from Android M.
So far, validation of APK system reviewed only the SHA-1 signature of each file within the package, and compared the data from the file, “our site” automatically generated during the signing process. This Protocol serves to Verify that the files have not been modified, an obvious validation that will prevent installation of malware inserted into the APK.
However, the operating system not validated files referred to in the “manifest.mf” and which were not present in the APK package, making it possible to modify a setup package by removing files related to security, DRM or other sensitive aspects of applications.
This is precisely the gap that has covered Google regarding security in the validation of inspirational, because from now on it will be necessary to all the files present in the manifest are also in with a matching signature APK.
We do not know if the own Google found a serious problem or simply have implemented a check-up, fool, was silly not to make covering the minimum loophole that could compromise the security of the devices.