Edgar Cervantes / Android Authority
TL; DR
- Android 15 could introduce a new way for the system to protect users from misbehaving apps: quarantine.
- Android is already a very secure operating system, but sometimes apps misbehave.
- For now, Google Play Protect often uninstalls misbehaving apps.
The Android operating system offers robust protection against malicious apps that misbehave. Even so, bad apps will sometimes slip through the cracks, in which case Google Play Protect can step in and remove them automatically. Like any advanced anti-malware software, Play Protect will not be 100% accurate in its detections, which is why it usually errs on the side of caution and asks the user if they want to remove the potentially harmful app. With the upcoming Android 15 update, the system could add a new way for services like Play Protect to protect users from misbehaving apps: by quarantining them.
If you’ve ever dealt with antivirus software on desktop operating systems like Windows, you may be familiar with the concept of quarantine software. When antivirus software quarantines a file, it’s because it suspects it’s malicious, but it either can’t delete it, or it leaves the decision up to the user because it’s not sure if the file is actually malicious. Quarantined files are isolated from the rest of the system so that they cannot be executed, ensuring that any malware potentially residing in them cannot do any dirty work.
The traditional concept of quarantine software doesn’t really exist in Android, mainly because the operating system was designed from the ground up to be virus-safe. Applications cannot gain system-level access, are sandboxed by default, and can only communicate with each other using well-defined APIs that they can only access if they are granted well-defined permissions. That’s why you don’t really need to download a third-party antivirus or anti-malware app for Android. Since Android doesn’t work the same way as Windows, it’s no surprise that quarantine software on Android will work a little differently than it does on Windows.
Android 15 App Quarantine: How It Could Work
When an app is quarantined in Android, it will behave differently than a non-quarantined app. It will still be visible in the user’s home screen launcher and in Android Settings, but a few restrictions will apply to it:
- Notifications from it will not be displayed
- All its windows will be hidden, and already started activities will be stopped
- It will not be able to ring the device
- Other applications cannot query its services (although its activities can)
- It cannot bind to or receive broadcasts from the system or other applications
- Cannot be resolved (ie will not appear in the intent clarification dialog)
Quarantined apps therefore act similarly to disabled apps, although disabled apps do not appear in the home screen launcher. Quarantining an app is also similar to suspending it, an action taken by the Digital Wellbeing service to pause disruptive apps, except that individual components of quarantined apps can behave as disabled, as mentioned previously. Therefore, it can be safely said that the new state of quarantine is somewhere between the existing states of suspension and incapacitation.
Mishaal Rahman / Android Authority
The app timer and Digital Wellbeing focus mode features put apps on hold.
In fact, the APIs used to quarantine an application are the same as those used to suspend an application, except that an additional flag is passed. During the testing and development of this feature, system applications with SUSPEND_APPS it is allowed to quarantine apps, but the methods in question have since been updated to require the use of new ones QUARANTINE_APPS permission. Only a system “verifier” application or an application signed with the same certificate used to sign the OS can have this permission. Therefore, only services like Play Protect, which is part of the Google Play Store, will be able to quarantine apps.
Unfortunately, I don’t know when Google will actually launch this new feature. I first spotted evidence of app quarantine in Android 14 QPR2 Beta 1 in November, but the developer page for “Quarantine Apps” has since been removed. The feature flag that enables OS-level support for app quarantine is still there, but there’s no way to quarantine apps manually, not even via the command line. Additionally, neither the Google Play Store nor Google Play Services apps currently require QUARANTINE_APPS permission. So it’s entirely possible that this feature won’t launch in Android 15, but could end up in a future release instead.
Mishaal Rahman / Android Authority
Quarantined Apps page in Android 14 QPR2 Beta 1 Developer Options.
When App Quarantine is launched, the user interface shown above will likely be tweaked a bit. Applications that make API calls to suspend or quarantine an application can customize the dialog that is displayed to the user when they attempt to launch a suspended or quarantined application. Whatever system app ends up implementing Android’s App Quarantine feature will likely customize the dialog box to say something like, “[X] the app has been quarantined for your safety” followed by an explanation as to why it was quarantined.
While Android hasn’t needed an app quarantine feature for a long time, I’m still glad to see it added because it’s impossible for services like Play Protect to be 100% accurate, even if that system does a really good job of catching bad guys and misbehaving apps.