Google Play Protect gets real-time scanner for apps

Google Play Protect is usually active on Android smartphones with Google Play services. The system checks whether malicious apps are installed on the smartphone. In order to detect more malicious apps, the manufacturer is now adding a real-time scan.


As Google explains in a blog post, Google Play Protect scans 125 billion apps every day for malware or unwanted software. If it finds such an app, it can warn cell phone users, prevent the app from being installed, or automatically disable the app.

However, cybercriminals try to evade detection by Play Protect, for example through polymorphic malware and apps from outside the Google Play Store. They also use social engineering tricks to get users to do dangerous things, such as revealing confidential information or downloading malicious apps from dubious sources. This usually happens through links to these apps or direct downloads sent via messenger messages.

That’s why Google Play Protect has so far not cared about the source of an app, but has instead examined all apps. During installation, Play Protect carried out a real-time check and warned users if necessary. This check is based on existing scan results (i.e. virus signatures), on apps being classified as suspicious by machine learning on the device, on similarity comparisons and on other techniques that Google is constantly developing.

[Image: Screenshots of Google Play Protect real-time scanning in action. Google’s real-time scan in Play Protect may recommend further investigation of dubious apps. (Image: Google)]

For unknown or not yet examined apps, the new real-time scan is meant to recommend a scan or, alternatively, prevent the installation. This is intended to help identify emerging threats. The scan extracts “important signals” from the app and sends them to the Play Protect backend infrastructure for a code-level investigation. Once the analysis has been completed, users receive feedback as to whether the app appears safe or whether it has been classified as potentially dangerous.

This is intended to improve protection against malicious polymorphic apps that are modified using various methods, such as AI, and thus evade static detection. The protection mechanisms and machine learning algorithms learn from every app submitted to Google for review. The system looks at thousands of signals and compares app behavior, and it improves with every app examined. It sounds like a kind of sandbox or behavior blocker that evaluates certain actions of apps and creates a kind of harmfulness profile.
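To illustrate why exact signatures miss a modified variant while a similarity comparison can still flag it, here is an added example; it is not Google's implementation and not part of the original article. The byte-shingle features, the 0.5 threshold, the constructed sample strings and all function names are assumptions made for illustration.

```python
import hashlib

def shingles(data: bytes, n: int = 4) -> set:
    """Overlapping n-byte windows: a crude similarity feature (assumption)."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def jaccard(a: set, b: set) -> float:
    """Share of features two samples have in common, 0.0 to 1.0."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

# Constructed stand-ins for app code; harmless strings, not real samples.
KNOWN_BAD = b"load_config();collect_contacts();upload(contacts,server);hide_icon();"
# Polymorphic-style variant: one identifier renamed, padding appended.
VARIANT = KNOWN_BAD.replace(b"server", b"srv_01") + b"\x00" * 8
UNRELATED = b"render_map();fetch_tiles(zoom,x,y);cache_tiles();draw_route();"

# "Existing scan results": exact hashes plus features of already-analysed apps.
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest()}
KNOWN_FEATURES = [shingles(KNOWN_BAD)]

def exact_match(app: bytes) -> bool:
    """Static signature check: any byte change produces a different hash."""
    return hashlib.sha256(app).hexdigest() in SIGNATURES

def similarity(app: bytes) -> float:
    """Best Jaccard score against the features of known malicious apps."""
    feats = shingles(app)
    return max(jaccard(feats, known) for known in KNOWN_FEATURES)

def verdict(app: bytes, threshold: float = 0.5) -> str:
    """Install-time decision; the threshold is an illustrative assumption."""
    if exact_match(app):
        return "block: known signature"
    if similarity(app) >= threshold:
        return "warn: similar to known malicious app"
    # Nothing known about this app: the case the real-time scan is meant for.
    return "unknown: recommend real-time scan"

if __name__ == "__main__":
    for name, app in [("known", KNOWN_BAD), ("variant", VARIANT),
                      ("unrelated", UNRELATED)]:
        print(f"{name:10} exact={exact_match(app)!s:5} "
              f"sim={similarity(app):.2f} -> {verdict(app)}")
```

The renamed variant no longer matches the stored hash but still shares most of its features with the known sample, while the unrelated app falls through to the scan recommendation.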

The feature will be rolled out globally to all Android devices in the coming months. The rollout is starting now in India.

The new detection mechanism will hopefully prove to be a useful addition to Google Play Protect. Cybercriminals often use different methods to hide their malicious apps from detection. For example, they try to avoid detection with manipulated archives or malformed files. Other mechanisms try to bypass automatic detection when uploading to the Play Store by not using a webview component but instead accessing URLs directly via http. Cybercriminals have often added malicious functions only much later, after the apps had been inconspicuous in the Play Store for a long time.


(dmk)
