Background

Android’s New Security Feature to Boost Security

Android securityGoogle announced a new app verification service for Android smartphones and tablets. The feature expands upon the security measures that are already built inside Google Play store. Before, apps are scanned for harmful functionality when they're downloaded and installed. Now, Google takes it further by regularly monitoring apps' activities, both from within and from outside the Play store.

Mobile users have a fear for the security of the apps they download on their devices. In the wake of the NSA's spying scandals, reports of poor security on Android and more recently, the Heartbleed bug, internet users have developed a semi-rational paranoia about whether or not apps and websites do exactly what they say they do.

To reassure Android users that security is still a primary focus at Google announced a new update to its "Verify Apps".

The new Android's "bouncer" scans all installs and checks previously installed apps "on a regular basis" for anything that takes advantage of system vulnerabilities, such as spying or collecting information about the user, or sends unauthorized SMS messages.

The new feature also checks in-app installations for changes in behavior an app may make after it’s been installed. This is because some apps may change permissions (like the ability to read your messages, access your calendar, etc.) with new updates or request permissions they don't necessarily need. Continuous app scanning from Android's Verify Apps program is meant to keep users safe by providing a check on apps that are behaving badly.

If an app is believed to be malicious, Android will block the installation altogether. This protection feature can be turned off by users who wish to do so.

Unlike Apple's iOS, Android allow users to install apps that come from sources outside Google Play app marketplace. Google Play also doesn’t have the verification process for the hosting of apps like how Apple required for its App Store/iTunes Store. Google sees all this, and the Verify Apps feature is the company's new way to encourage further innovation from developers.

"We wanted to make sure users are being protected even when they are installing applications outside of Google Play," said Adrian Ludwig, Android Security Engineer, as he explained the new Verify Apps service.

According to Ludwig, Android's new app scanning feature is meant only to catch harmful software. This means that apps that claim to offer a service but does nothing, like a newly discovered app recently that rocketed to the top of Google Play's chart, will not trigger the warning system upon its installation.

The new Verify Apps function is beginning to roll out at large on Thursday, April 10th, 2014. It comes as an update to the Google Play Android app. All devices running Android version 2.3 or later gets this new feature.

Google claims that Verify Apps has been used 4 billion times to scan apps at the time of install in 2013. According to the company, only 0.18 percent (7.1 million) of installations result in warnings for users.