Android Will Now Scan Sideloaded Apps For Malware At Install Time


The Google Play Store may not be perfect at stopping Android malware, but a combination of analytics, app reviews, and developer requirements makes it safer than the broader unfiltered Internet. The world outside Google's walled garden has no rules, and dozens of controversial apps are available for sideloading. To help combat sideloaded malware, Google Play can now display a malware scanner at install time if it determines that the app you're trying to sideload is interesting.

Google Play's anti-malware system, called Google Play Protect, has always looked for malware in downloaded apps, but it has relied on faster techniques like profiling, which run silently in the background. The new feature delays the installation of your app with a full-screen "scan" interface while Google performs a thorough analysis of the app's code. Google's blog post states that it "programmatically scans in real time to combat new malicious apps" and that Google Play Protect "may recommend real-time app scanning when installing apps that have not previously been scanned for emerging threats".

The scan will send parts of the app to Google for review. Google says:

The analysis will extract important signals from the application and send them to the infrastructure that supports Play Protect to evaluate the level of the code. Once the real-time scan is complete, users will be prompted to find out if the app appears safe to install or receive a result that the app is not safe to install. This improvement will better protect users from polymorphic malware applications that use different methods, such as artificial intelligence, to modify themselves and avoid detection.

Google also shared the screenshot above of what this interface will look like. Google Play displays a "Search for recommended apps" screen that says "Play Protect has never seen this app before" and that Google requires your permission to add it to its database. While the language around this sounds optional, the two options in the screenshot are "Scan App" and "Do Not Install App," with no obvious option to install and bypass the scan. There is a "More details" button that could be hiding a "Skip" option, but Google doesn't mention it.

Google has not published detailed statistics on the risks of sideloading for a long time, but in 2018 it published annual security reports with statistics on malware installation sources. At the time, Google found that 0.04% of all Google Play Store downloads were "PHA" (potentially harmful apps), while "sources outside of Google Play" had a PHA install rate of 0.92%. This means you're 20 times more likely to install malware outside of the Play Store, which isn't a huge surprise considering this is basically a comparison between limited malware scanning on Google Play and no scanning at all on the open Internet.

Google is rolling out the feature first in India, a country that topped malware distribution charts in a 2018 report, and the company says the feature "will roll out to all regions in the coming months."

Listing image by Aurich Lawson/Getty Images
