Google has found that malicious parties are looking beyond the Play Store to infect Android devices with malware and avoid detection. In response, Google is updating Play Protect and extending its scan protections.
When you install apps via sideloading (outside of Google Play), Play Protect already runs real-time checks that leverage “existing scanning intelligence,” on-device machine learning, similarity comparisons, and other techniques. The company finds that “downloads directly through messaging apps” are a common origin, citing social engineering tactics.
Google is now updating Play Protect with real-time scanning at the code level. It will “extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation.” This is intended to detect emerging threats, like polymorphic malware that can change its identifiable features.
A prompt appears when you attempt to install applications that “have never been scanned before.” The options are “Scan app” and “Don’t install app.” When an app is determined to be harmful, Google will provide a reason, like “app can allow unauthorized access to your data or device.”
Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.
This is rolling out starting in India and will expand to all countries in the coming months.
Google Play Protect scans 125 billion apps every day and can disable apps entirely.