Google’s Practical Action Against Malware and Its Authors

Android has grown from a minority player in the mobile operating system market of 2008, a world dominated by Research-in-Motion’s Blackberry and Microsoft Windows mobile. With 1 billion unique Android devices checking-in with Google Play every month, it has reached a number so huge that the Law of Large Numbers applies to it. This was proven by the recent news from Eset that a particular gaming developer that posted 13 games in Google Play Store was bundling malware to their apps. With the app install base of the game reaching 580,000, some users have malware in their phones even if they only sourced their apps from the Play Store.

The users who downloaded these apps will not feel any different, except that the app they expect to run will just force close over and over again. This prompts the users to uninstall them eventually for lack of functionality. Google on their part has claimed that the takedown was due to the app developer has violated the Terms of Service of hosting apps in Google Play Store.

The security of Android is always work in progress. Being the top mobile operating system, and being “inclusive” creates a much easier ecosystem for developing apps. Unlike Apple’s iOS platform, the Google Play Store publishes apps for users with fewer restrictive rules. It is more of an open system as users are not locked down to just using the Google Play Store for their apps, but Google opens the possibility of enabling Unknown Sources option, which enables installation of apps from 3rd party sources.

Such freedom entails some form of responsibility and obligations imposed on the shoulders of the end-users. They have to choose where they source their apps when they want to update them and if they so choose to even upgrade. In Android they can do operating system upgrades using the vendor-provided update or through a custom ROM.

Google has been improving the capabilities of Google Play to detect malware embedded with apps, the technology dubbed Google Play Protect which is embedded in every version of Google Play Services. This is also supplemented by Android 6.0 Marshmallow and later’s use of a better permission system, where individual permissions can be accepted or revoked by the user. With these two technological improvements on Android, the platform is seen to prevent more PHAs from being installed in an average Android device.

“Google Play Protect is Google’s built-in malware protection for Android. Backed by the strength of Google’s machine learning algorithms, it is always improving in real time. Google Play Protect continuously works to keep your device, data, and apps safe. It automatically scans your device and makes sure you have the latest in mobile security, so you can rest easy. All Android apps undergo rigorous security testing before appearing in the Google Play Store. We vet every app and developer in Google Play and suspend those who violate our policies. Then, Play Protect scans billions of apps daily to make sure everything remains spot on. That way, no matter where you download an app from, you know it’s been checked by Google Play Protect,” explained Google in their official Play Protect Microsite describing the program.