Google Play to Use Third Party Security to Scan Apps
Google is to use outside help to scan apps before they go into the Google Play store. It says the move is needed to cope with the continuing increase in the number of rogue Android apps. Just two weeks ago, 21 Android apps were reported to be rogue; in early September, 24 apps were found to be rogue.
The new "App Defense Alliance" involves Google working with three security companies, namely: ESET, Lookout and Zimperium. They all specialize in mobile security with a particular emphasis not just on spotting individual rogue apps, but on figuring out common characteristics and clues that make it easier to detect other malware. (Source: google.com)
The partnership involves integrating Google's own malware scanner, Google Play Protect, with those of the aforementioned security companies. This will also allow direct, secure communication between the companies. (Source: bbc.co.uk)
Collaboration Helps Both Sides
In effect it's a trade of intelligence.
Google already vets apps before the go in the Play Store, but will now have the option to run them through one or more of the security company systems before they go public. That could be a significant change, as currently such security companies can only spot problems in apps after they've been installed and used. The idea here is to spot the rogue apps before any installation is made, sort of like how antivirus on a Windows PC is supposed to work.
In return, the security companies can use Google Play Protect as an extra check, particularly when apps are downloaded outside of the Google Play store.
It's a smart move for Google as it responds to the increasing number of cases where apps are turning out to contain malware. This also undermines Google's primary security argument which is that users should only ever trust apps they got from Google Play.
Malware Creators Cunning
Cybersecurity experts will be interested to see if the third-party checks are able to beat malware creators who've found a way to effectively smuggle malware past the Google checks.
One recent study suggested there are approximately 50,000 fake apps on Google Play posing as legit apps, but riddled with ads.
Other tactics include encrypting code so that it can't be read by malware scanners. Another trick is delaying the point that the malware activates so that it won't be picked up by a scan. Some malware even poses as Google files to take advantage of "whitelisting" features that skip checks on files that are assumed to be safe.
What's Your Opinion?
Should Google have made this move earlier? Are there any potential drawbacks? How much trust do you put in Google Play Store to vet apps before release?
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.
Comments
Malware and other rats
I think when a developer is discovered to have placed malware in his/her/its package, that developer needs a substantial government punishment. Those of us who actually USE the internet spend way too much valuable time preventing the bad guys from whatever dirty-deed they have in mind. If some of these nasties were put into prison for 20 or 30 years, then at least those particular rats would not be able to foul-up our systems.
Jail time for malware developers
I agree with your sentiments, however, the problem is that the malware is created by large criminal organizations (sometimes state-sponsored), and located half way around the world in India, China, and Russia, for example.
The issue here is not only locating these idiots in the first place, but also successfully being able to prosecute these criminals using joint police / government efforts.
The malware on your phone, tablet, or computer won't ever go away for the same reason you get those non-stop robocalls from the "IRS" (usually in a robot generated voice) stating that you are going to jail unless you pay a hefty fine by wiring money tens of thousands of dollars to a bank in Thailand. Scam!
It's also the same reason the Indian tech support scammers that I've reported on multiple times will never, ever stop scamming people. All these scams are run but smart criminals and protected by the local police to look the other way because they're paid off. This is literally a billion dollar industry.
Agree that consequences are
Agree that consequences are needed for the scamming/malware app developers.
Next step should be a functional check for every app and update.