Android’s built-in security The Google Play Protect engine has a new feature that performs real-time analysis of an Android app’s code and blocks its installation if it is considered potentially harmful.
Google announced in October the new real-time app scanning feature integrated into Google Play Protect which, according to the company, can help detect malicious or fake apps installed from outside the app store. These apps will transform their appearance or use ai to alter the apps’ code in a way that helps them avoid detection.
Google said this Play Protect feature now recommends a real-time app scan for any new apps that have never been scanned before. It consists of a code analysis that “will extract important signals from the application and send them to the Play Protect backend infrastructure for code-level evaluation.”
The Android App Store has billions of apps that Google scans for malware, although not always successfully. Many device owners also choose to download Android apps, which completely bypass the App Store and its many lines of defense. Downloading remains a popular feature for Android users, even if it means having to trust that the app they are installing is not malicious.
One of the key reasons Google is introducing its improved real-time code-level scanning feature is to counter the proliferation of predatory lending apps. These apps have led to harassment of users, which in some cases has led victims to take their own lives. Bad actors gain access to user data, including contacts and photos, which is used to intimidate users. TechCrunch extensively covered the impact of predatory lending apps on Indian users. Google also said it removed more than 3,500 such apps in the year for violating its policy requirements. Attackers still find ways to attack their victims.
“Our policies make it more difficult for predatory apps to appear on the Play Store. But bad actors are inventive and finding new ways to deceive people and that is why we are taking additional measures,” said Saikat Mitra, Google’s head of trust and safety for APAC at the Google for India event in New Delhi last month. past. when announcing the Play Protect update.
Google initially rolled out the Play Protect update in India, with plans to expand internationally soon. TechCrunch tested the feature for ourselves by loading a phone with a variety of malicious and bad apps to see what worked.
We attempted to install over 30 different malicious apps, from stalkerware and spyware to predatory lending apps and fake scams of popular apps. Google Play Protect blocked almost all malicious apps with warnings like “Apps from unknown developers can sometimes be insecure” and “This app tries to spy on your personal data, such as SMS messages, photos, audio recordings, or call history.” ”, or “This application is fake”. However, a handful of recently created predatory lending apps were successfully installed.
Screenshots showing Google Play Protect real-time app scanning to see if an app is malicious. Image credits: Google
To test the extent of the Play Protect update, we used a Pixel 7a with a fresh install of Android 14 with an updated Google Play Store that features real-time code-level scanning.
We began testing on the Pixel 7a by attempting to install several spyware apps that were renamed or cloned, or had code changes that would attempt to evade detection. (We do not name or link the applications due to their malicious nature.) Commercial surveillance apps, such as stalkerware or spousal software, are often installed surreptitiously by someone with physical access to a person’s phone, often a spouse or common-law partner. These spyware apps silently and continuously upload the contents of the person’s phone, including messages, photos, and real-time location data, and present a significant security and privacy risk to people whose phones are compromised.
Play Protect intervened every time we tried to install spyware and stalkerware. The feature blocked the apps from installing and labeled them as “harmful.”
We also picked a handful of predatory lending apps that were disguised as popular Android apps. These loan apps upload the device’s contact list to a server under the guise of preventing fraud, and loan agents can use this access to send threatening and intimidating messages and calls to your contacts. The home page of one of the predatory lending apps looked like a normal Google Play listing, but required the user to manually download and download the app from outside the app store.
The Play Protect update did not restrict the installation of five predatory lending apps at the time of our testing.
We also tried installing a couple of apps that appear to be fake versions of other popular apps listed on Google Play. The apps we tested have similar names and feature nearly identical designs and user experiences, but they are clearly underdeveloped imitations. One of the fake apps imitated a popular game and the other posed as a widely used VPN app.
Play Protect allowed the installation of these two apps, although it is unclear for what purpose the fake apps were initially developed.
“With this recent enhancement, we’re adding real-time code-level scanning to Google Play Protect to combat new malicious apps, regardless of whether the app was downloaded from Google Play or elsewhere,” said Google spokesperson Scott Westover. , in an email TechCrunch when contacted for comment. “These capabilities will continue to evolve and improve over time, as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.”
Downloading allows the freedom to install any Android app, but not without risks. Faced with a continuous onslaught of apps that rapidly change their appearance and code, Google’s new real-time app scanning feature is an important last line of defense for billions of users and will only get better over time.
