News & Analysis

Android’s Real-time App Scan

An in-built security engine called Google Play Protect guarding Android devices now has a feature that does real-time analysis of every app’s code base and blocks the installation if it perceives it to be potentially harmful to the users. This new feature was launched in October as part of Google’s efforts to catch malicious or fake sideloaded apps. 

“Google Play Protect is built-in, proactive protection against malware and unwanted software and is enabled on all Android devices with Google Play Services. Google Play Protect scans 125 billion apps daily to help protect you from malware and unwanted software,” says a blog post by Steve Kafka, Group Product Manager and Roman Kirillov, Senior Engineering Manager. 

(Source: Google)

The aim is to prevent sideloading of apps

The blog post said if Google Play Protect detects a potentially harmful app, it can take certain actions such as sending you a warning, preventing an app install, or disabling the app automatically. It noted that cybercriminals have been using novel malicious apps available outside Google Play to infect devices with polymorphic malware. 

These malware can change the identifiable features of an app and do so by using social engineering to trick users into doing something dangerous such as revealing confidential data or downloading a malicious app from other sources. These are usually made available via links to download or through messaging apps. 

The company says the Play Protect feature recommends a real-time app scan for any new app that’s not been scanned before and includes a code analysis that extracts important signals from such apps and sends them to Play Protect’s backend infrastructure for a code evaluation. In case of any red flags, the software stops the app’s installation and warns the user. 

India’s loan apps are the most predatory

Unlike the iOS process, Android’s app store finds it tough when device owners sideload apps that skirt Google’s screening process for malware. Research has revealed that sideloading is a popular feature amongst Android users who prefer trusting the apps in spite of the fact that these aren’t available via the app store.

Amongst the most troublesome of such apps relate to those providing loans. These have caused emotional harassment to the users as bad actors often get access to user data such as contacts and photos that are used to bully users. Last August, TechCrunch had reported the impact of such predatory loan apps in India. 

In fact, Google had reportedly knocked off over 3500 such apps before they went ahead and announced the real-time scanning feature as an update to Play Protect at an event in New Delhi last month. The company plans to expand this new feature globally in order to make it tougher for predatory apps to be listed on the Play Store. 

Our security protections and machine learning algorithms learn from each app submitted to Google for review and we look at thousands of signals and compare app behavior. Google Play Protect is constantly improving with each identified app, allowing us to strengthen our protections for the entire Android ecosystem, the blog post said. 

Leave a Response