![\"Google](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/07\/Google-Play-Protect-Apps-scanned-scaled.jpg\"\/ "\\"Google")
<\/p>\n<\/p>\n
Aamir Siddiqui \/ Android Authority<\/p>\n
TL;DR<\/p>\n
Google has been silently protecting most Android devices through Google Play Protect<\/a>, scanning the apps that users have installed, and warning them of nefarious ones. While platform-native apps remain the most popular method to access a service, Progressive Web Apps (PWAs) remain a good web-centric alternative. Unfortunately, bad actors will exploit any medium they can lay their hands on, and it becomes imperative for Google to protect its user base<\/a>. We\u2019ve now spotted code that suggests that Google Play Protect will start scanning Progressive Web Apps during installation to check for security issues, adding one more layer of security for users.<\/p>\n You’re reading an Authority Insights<\/strong> story on Android Authority. Discover Authority Insights<\/strong><\/a> for more exclusive reports, app teardowns, leaks, and in-depth tech coverage you won’t find anywhere else.<\/p>\n An\u00a0APK teardown<\/b> helps predict features that may arrive on a service in the future based on work-in-progress code. However, it is possible that such predicted features may not make it to a public release.<\/p>\n Google Play Store v46.9.20-31 includes the following code:<\/p>\n Code<\/p>\n Copy TextPlayProtect__enable_gpp_install_verification_for_pwa<\/p>\n Here, PWA refers to Progressive Web Apps. The flag would enable Play Protect to verify the PWAs during their installation. Yes, PWAs can be installed on a device, usually through an \u201cAdd to Home screen\u201d button from the browser app. If you do this through Chrome on Android, you get a WebAPK, which gives the PWA a space in your app drawer (in addition to the space on the home screen) and integrates it more deeply into the Android system than a regular PWA.<\/p>\n We also spotted code bits hinting at WebAPK scanning:<\/p>\n AssembleDebug \/ Android Authority<\/p>\n While the code mentions scanning PWAs and WebAPKs, it doesn\u2019t explain why Google would want to do so.\u00a0There have been reports of malicious actors using PWAs<\/a> and WebAPKs<\/a> to phish and steal user information, so it\u2019s possible that Google could be aiming to protect its users from such phishing attempts by proactively warning them whenever a bad PWA or WebAPK is installed.<\/p>\n There are plenty of other questions to answer, like how PWA and WebAPK scanning would work if this does roll out. For usual apps distributed through the Play Store, Google already has an extensive database of apps against which it can check for tampering and other threats through Play Protect. Such a database is difficult to envisage for the entirety of the PWA universe, so we\u2019re curious to know how Google plans to approach this if it goes ahead.<\/p>\n PWA and WebAPK scanning are not currently available in Play Protect, and Google has not announced the feature either. We\u2019ll update you when we learn more.<\/p>\n![\"Google](\"https:\/\/www.europesays.com\/uk\/wp-content\/uploads\/2025\/07\/Google-Play-Protect-WebAPK-scanning_2.jpg\"\/ "\\"Google")
<\/p>\n