According to this message, an integrity check of the Google Camera installation failed because the “INSTALLER_NAME” did not match “com.android.vending”, the package name for the Google Play Store. (I was attempting to install Google Camera 8.0 using the APKMirror Installer app, for what it’s worth.) This message was added to the system log by “
AppIntegrityManagerServiceImpl“, which is part of Android’s new “App Integrity” feature. According to the code in AOSP, App Integrity is designed to provide an additional layer of checks on top of the package manager’s existing APK signature verification. The App Integrity API seems to use a set of
Rules to decide whether or not to allow or deny the install. Rules are provided by a system app — which we believe to be Google Play Services — and are
stored in a file.
In addition, App Integrity
also calls another class called
SourceStampVerifier if a “source stamp” is embedded in the Manifest’s metadata. For example, here’s what we believe is the “source stamp” from the Google Camera app’s Manifest: