One of the perks of Android devices is that they can easily download apps outside its official app store, Google Play. However, this has also proven to be dangerous since there are countless malicious apps that pose as safe downloads. Google has found a way to detect those as well.
Google Play Protect
It was first announced in October that Google now has a real-time security engine built into Google Play that can scan sideloaded apps in real-time. If the app downloaded outside the app store is deemed malicious or harmful, the feature has the ability to block it from the device.
This can be a beneficial measure especially since a lot of sideloaded apps are capable of disguising their code to appear like they are legitimate downloads. Some are able to use AI to alter their code and avoid detection, as reported by Tech Crunch.
The Play Protect feature will be recommended to users, particularly for apps that have never been scanned before. This mostly applies to apps downloaded outside the Play Store since Google already scans apps published through its native app store.
The code analysis will "extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation." One of the feature's main roles is to detect and block loan apps, which have been a common problem for those who download outside the store.
Users who make the mistake of installing them are often harassed or even blackmailed as threat actors acquire personal data and images from the downloaded. Countries like India are the most impacted by malicious apps.
Google's head of trust and safety for APAC, Saikat Mitra said that their policies are "making it tougher for predatory apps to be listed on the Play Store. But the bad actors are inventive, and they are finding new ways to trick people and that is why we take additional measures."
When the scanner feature detects a malicious app, it shows popups that state: "Apps from unknown developers can sometimes be unsafe," or "This app tries to spy on your personal data, such as SMS messages, photos, audio recordings, or call history."
It depends on the kind of app that is being downloaded. Based on experiments, the feature is still not able to detect all 30 of the malicious apps that were tested. However, it did flag most of the apps and provided the option to cancel the installation.
Is Google Reliable for Scanning Malicious Apps?
As far as scanning features go, Google might be the most reliable of them all, but that doesn't mean that it can scan all malicious apps without fail. In fact, there are a couple of apps within its own app store that managed to slip through Google's defense line.
Just this April 2023, 60 Google Play apps contained malware and it took the search engine giant a while before they detected it. According to Bleeping Computer, the apps contained the "Goldoson" malware and managed to collectively get 100 million downloads.
The malware can collect data on the installed apps, WiFi, and Bluetooth-connected devices. It can even collect information through the user's GPS location. Even with the recent OS versions, the malware was able to gather sensitive data in 10% of te app.