Google Play Protect : How it Detects and Removes Malicious Apps?
The Android operating system is a highly popular smartphone OS. Android is having one of the largest developer bases in the software industry. Not all of the developers are trying to help people or to make their lives easier. Some are on a full swing to develop and publish apps that can cause a variety of harms to the user’s phone and data. Some developers may unintentionally (due to less experience)end up making an app that is harmful to the user’s hardware or data.
Google has developed a defense system against these developers and their applications. It has helped Google in better identifying and removing malicious apps before and after being published.
Google Play Protect
Google Play Protect is Google’s built-in malware protection for Android. Backed by the strength of Google’s machine learning algorithms, it is always improving in real time. It comes with the Android OS and runs continuously as a process in your smartphone. It scans new installs from the Google Play Store for malicious intents. It also scans existing apps that were installed from Google Play or other sources. Google is continuously increasing the number of resources for Play Protect. This year also, Google has increased the size of the team, tightened the standards to further strengthen the reliability of the Google Play Store. After this change in the policies related to app security, the rejection of apps has increased by 55 percent and suspension of published apps has increased by 66 percent. A clear indication of how strict the new policies are.
Google has set up a policy to identify apps that are likely to be harmful based on a set of behaviors. Malicious apps exhibit at least one of these characteristics.
- The app is deceptive in terms of promises and delivery.
- The app uses some trick to make the user install the app and can sometimes contain another app piggybacked on it.
- The app provides incomplete or wrong information about its functions.
- It affects the user’s system in unexpected ways and/or tries to access data it is not authorized to access.
- It is not completely removed from the system upon uninstalling.
- It has another software component attached to it about which user is aware.
- It accesses and transmits the user’s personal data without the user’s consent/knowledge.
The entire list of characteristics that may lead to an app getting flagged as unsafe and suggested practices on transparency can be found here.
The apps that are submitted for publication are monitored for malicious intents by using Machine Learning algorithms as well as a review team. The malicious publishers are tracked across multiple accounts by tracing the similarities in activity, published apps’ behaviors and potential objectives.
The apps that were installed from other sources are continuously monitored for any of these activities and the user is warned as soon as something fishy happens. Google Play Protect scans around 50 billion apps per day.
How to Access Google Play Protect?
You can turn Play Protect on or off, view the current status of your device and perform a manual scan(apart from frequent automated scans). To Access Play Protect on your device:
- Go to Google Play Store.
- Open the menu and select Play Protect.
You will be shown the current system status (whether there are any problems with any app) option to perform a manual scan (by tapping on the refresh icon), and a settings icon. The settings let you turn it on or off by using the “scan device for security threats” slider. There is another option “improve harmful app detection”, while turned on it sends apps from unknown sources for scans. You should not turn it off if you install apps from sources other than Play Store.
Google is also running a crowdsourcing penetration testing program on a platform named HackerOne to further improve the security of its own apps as well as some other apps that are widely used. The program details can be found here.
Apart from relying on Google Play Protect, there are some rules you can follow to keep your Android device secure.
- Check app permissions before installation and abort the installation if the app asks for an unnecessary privilege.
- Read the app reviews to make sure the app does exactly what it says in the description.
- Prefer Google Play Store for installation of an app over other sources.
- Depending on the version of Android you are using, make sure to change the settings to not allow your browser and other apps that you use to access third-party content to install an app.
- Try not to delay installing an update to your OS or an app to prevent any security issue resulting from the exploitation of a recently discovered vulnerability.
- Use a security solution(Anti Malware) for your Android device.