Android Instant Apps Sounds Dangerous

News
By
published

The new Instant Apps feature could be the best thing to ever happen to Android — or it could be a security nightmare.

It's useful. It's revolutionary. But is it also dangerous?

Google today (May 18) unveiled a new feature called Android Instant Apps, which delivers the functionality of an Android app to a mobile Chrome browser. You can click on a web link, and Chrome will download and run part or all of a stand-alone Android app, without the app actually installing on the device.

Credit: radFX/Shutterstock

(Image credit: radFX/Shutterstock)

In this way, Google executives said at the company's annual I/O developers' conference, Android users will soon be able use apps without actually installing them. But as you might imagine, Instant Apps instantly raised some security concerns.

MORE: Best Android Security Apps

"Oh, good," tweeted game designer Ron Gilbert. "Now Android Apps can install malware instantly — no need to actually install the app!"

"Android Instant Apps sounds like rly awesome UX [user experience]," tweeted developer Hayden Schiff, "but installing code w/o user permission does not sit well with me."

Google representatives told TechCrunch that Instant Apps will run in a sandbox, as all Android apps do. Presumably, the links will point back to the Google Play Store, and run only Google-approved code.

"If it's sandboxed well and has to go through Play Store and more rigorous security checks, should be okay?" responded programmer Andy Lawton to Schiff's skeptical tweet. "Opt-out-able too I hope."

However, hundreds of malicious apps have made it past the Google Play Store's Bouncer feature, and more pop up every few weeks. What's to stop a criminal or spy from embedded an Android Instant Apps link that points to malicious code? What's to stop that link to point to a server outside of the Google Play Store?

The Android Instant Apps FAQ page Google set up doesn't answer any of these questions, but there's a sign-up link on another page for "early access to the Instant Apps documentations" when it's ready.

Android Instant Apps will be accessible by devices running versions of Android dating all the way back to 4.1 Jelly Bean — the kind of device that probably will never be patched by handset makers or vendors. (Sorry, iPhone users, you're not getting this yet.)

The feature will be rolled out in the fall of 2016. We can't wait.

See more Computing News
Paul Wagenseil
Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Latest in Mobile Apps
How to tour the Super Bowl stadium virtually with Google Maps
Google Maps glitch is purging Timeline data — what we know
Gboard app logo on mobile phone resting on a keyboard
Google Gboard redesign has already angered users — and I can see why
Waze app on iPhone in car
Forget Google Maps — Waze just got a huge upgrade that will help millions of drivers
A photo of the Apple Maps app tile displayed on an iPhone screen
Apple Maps may soon get ads, letting businesses pay to boost visibility
How to delete TikTok
TikTok confirms return to Apple and Google app stores — here’s what we know
How to tour the Super Bowl stadium virtually with Google Maps
Google Maps is adding this new feature for millions of drivers to make your ride safer
Latest in News
Samsung Galaxy S25 Edge back
Samsung Galaxy S25 Edge price comes into focus with latest leak
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 12 (#640)
Jean Smart as Deborah Vance and Hannah Einbinder as Ava Daniels in Hacks
Max reveals 'Hacks' season 4 release date and trailer — here's when it's coming
Google Pixel 5 review
Google Pixel 10 lineup leaked in new renderings — here's what they look like
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
More about mobile apps
How to tour the Super Bowl stadium virtually with Google Maps

Google Maps glitch is purging Timeline data — what we know
Gboard app logo on mobile phone resting on a keyboard

Google Gboard redesign has already angered users — and I can see why
iPhone 16 Pro Max shown in hand

iOS 18.4 has dropped — 5 new iPhone features to try first
See more latest
Most Popular
Prime Video logo appears on a tablet surrounded by a can of soda, spilled popcorn, headphones and a cactus
7 new to Prime Video movies with 90% or higher on Rotten Tomatoes
Apple iPhone 16 Plus Review.
Apple just released an emergency security update for a flaw used in an ‘extremely sophisticated attack’ — update your devices right now
Rand (Josha Stradowksi) carries a female figures across the Wastes in "The Wheel of Time" season 3 key-art
How to watch ‘The Wheel of Time’ season 3 online from anywhere
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 12 (#640)
NYT Strands on a cellphone
NYT Strands today — hints, spangram and answers for game #374 (Wednesday, March 12 2025)
Samsung Galaxy S25 Edge back
Samsung Galaxy S25 Edge price comes into focus with latest leak
Roomba Combo 205 robot vacuum mop
The Roomba is getting smarter — iRobot announces 8 new robot vacuums loaded with AI tech, starting at $299
Jaden Akins #3 of the Michigan State Spartans drives to the basket against L.J. Cason #2 of the Michigan Wolverines in March 2025
Big Ten 2025 tournament live stream: How to watch men's college hoops online
Google Pixel 5 review
Google Pixel 10 lineup leaked in new renderings — here's what they look like
Jean Smart as Deborah Vance and Hannah Einbinder as Ava Daniels in Hacks
Max reveals 'Hacks' season 4 release date and trailer — here's when it's coming