Android M continues to have details about the changes fleshed out so those moving from Lollipop to Android M when it’s released will know what they’re getting as part of the software upgrade. Some things have been on more of a top layer, or things which users themselves will have direct access to, while others have been more in the background to fine tune the operating system so it will work better and perform better at the things it already does. This latest detail discovered within the Android M preview is one such change as it will be able to affect users in a non-direct way, with tighter security measures on apk files being submitted for validation.
Android M will utilize an updated validation check with apk files so that when apks are submitted to have them approved for Play Store distribution, apks will be checked for missing files that are listed in the apk manifest but aren’t present within the apk, something which Android doesn’t currently do with Lollipop or any other version of the software prior to Lollipop. This is an adjustment made by Google to make the nature of applications a little bit more secure. Without checking for missing files which are listed in the manifest, someone with ill intent could upload apks that are lacking specific files which could pertain to security. Now that Android M will perform checks for missing files in addition to any files which have been modified from their original versions as detailed in the manifest, apks will fail validation unless all files are present and unmodified.
If any apks are missing files which have been declared in the manifest, the failed validation results in a requirement to resubmit a new manifest which will then require a resigning of the apk as well. This can help to keep Google notified if any apks are altered in any way which in the end can help users from being exposed to potentially harmful apps which may have otherwise been able to slip past unnoticed.