Google Play Protect Enhanced With 'Real-Time Scanning At The Code-Level' For App Installs

Google Play Protect

Android is an extremely capable operating system, versatile, flexible, and powerful.

But those advantages come with one big drawback: security. Due to the nature of the operating system, bad apps can be found on Google Play Store. Even when Google is proactively removing bad apps from the official app store, more of those malware-ridden apps litter the store, posing risks to users.

Google has what it calls Google Play Protect, which actively scans installed apps and devices for harmful behavior.

Play Protect runs automatically to check apps on Google Play Store before users download them. Play Protect also checks users' devices for potentially harmful apps from other sources, and warns users if it finds apps that violate Google's Unwanted Software Policy by hiding or misrepresenting important information.

Play Protect can also send alerts about apps that can get user permissions to access personal information, and may reset app permissions to protect users' privacy on certain Android versions.

This time, Google is ramping things up a bit

In a blog post, Google said that:

"Previously, when installing an app, Play Protect conducted a real-time check and warned users when it identified an app known to be malicious from existing scanning intelligence or was identified as suspicious from our on-device machine learning, similarity comparisons, and other techniques that we are always evolving."

"Today, we are making Google Play Protect’s security capabilities even more powerful with real-time scanning at the code-level to combat novel malicious apps."

According to Google, the method allows Google Play Protect to "recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats."

To make this happen, the scan will involve extracting important signals from the app and sending bits and pieces of them to the Play Protect backend infrastructure for a code-level evaluation.

On the user's side, a pop-up "App scan recommended" screen appears, which can show messages such as "Play Protect hasn't seen this app before" and say that Google would really like your permission to add it to the database.

Users are then required to select one of the two options: "Scan app" or "Don't install app."

There is no option to skip this process.

If users wish to install an app, they have to allow Google Play Protect to scan the app first on a code level, before anything else.

Google Play Protect with real-time scanning

Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful.

Google Play Protect has always been able to check sideloaded apps for malware, but it was relying on faster techniques, and running things in the background, in order to not ruin the experience of running Android.

But with the change, Google is delaying the installation of apps with a full-screen "scanning" interface while Google runs a deep scan of the app code.

This way, the company can ensure that apps are what they say they are, and that no malware is installed on users' phones.

This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.

Published: 18/10/2023