With 'App Defense Alliance', Google Gets Outsiders' Help To Rid Android Of Malware

App Defense Alliance

Unlike Apple's iOS, Google's Android was built with flexibility in mind. And this apparent customization opens a whole new level of appeal.

But that has consequences, and security is the biggest issue. Android's flexibility makes it relatively easy for malware-ridden apps to circulate and plague Google's Play Store, potentially affecting billions of users. Making things worse, Google is having a hard time policing its app store.

After experiencing this issue for years, Google seems unable to solve it alone with its Google Play Protect.

For this reason, Google is calling in reinforcements, announcing a partnership with three antivirus firms - ESET, Lookout, and Zimperium - to create what it calls an 'App Defense Alliance'.

According to Google in its announcement:

"The App Defense Alliance is a collaboration between Google, ESET, Lookout, and Zimperium. The App Defense Alliance was created to ensure the safety of the Google Play Store. Together with our partners we aim to quickly find Potentially Harmful Applications (PHAs) and take the appropriate action to protect users."

With Google asking for help, the three companies are given the privilege to police Google Play Store for Potentially Harmful Applications.

To do this, the App Defense Alliance partners can use their scanning and threat detection tools to evaluate new Google Play submissions before the apps go live, with the goal of catching more malware before it hits the Play Store in the first place.

In other words, the scrutiny happens before any users can download new apps.

Dave Kleidermacher, Google's vice president of Android security and privacy, said that:

"On the malware side we haven’t really had a way to scale as much as we’ve wanted to scale."

"What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have real-time response, expand the review of these apps, and apply that to making users more protected."

The three antivirus vendors take different approaches to scanning app files, called binaries.

ESET's engine, for example, uses a cloud-based repository of known malicious binaries along with pattern analysis and other signals to scan apps. Lookout, on the other hand, has a trove of 80 million binaries and app telemetry it can use to catch potential malicious activity. And as for Zimperium, it uses machine learning algorithms to build a profile of potentially bad behavior.

In general, the three vendors will look for any suspicious code and activity in apps, which can include anything from trojans, adware and ransomware to banking malware and phishing campaigns.

These three will report to Google by essentially giving it a rapid yes or no on whether apps need to be individually examined for malware.

As explained by Tony Anscombe, ESET's industry partnerships ambassador, "Being part of a project like this with the Android team allows us to actually start protecting at the source. It’s much better than trying to clean up afterwards."

Google Play Store receives a huge number of app submissions per day, and setting up the three vendors' systems to scan them apparently isn't that difficult. This is possible because Google has the submissions run through a purpose-built application programming interface.

The challenge, however, was adapting the scanners to make sure they could handle the traffic.

In the end, the hope is that everyone involved can catch significantly more malicious apps before they hit Google Play than Google did when it was flagging them on its own with Google Play Protect. While there is no guarantee, this attempt is worth a try because an attempt is better than no attempt at all.

"When you can get even 1 percent incremental improvement it matters," said Dave Kleidermacher from Google.

Published: 09/11/2019