Is Google planning on integrating an antivirus scanner into Android? A just-released Google Play store app update as well as the company’s recent acquisition of VirusTotal seem to hint that yes, Google is looking into it. Let’s dive in.

Google Play Store update

Google yesterday started rolling out an update to its Google Play Store app: version 3.8.17 from August was bumped to version 3.9.16 in October. Android Police got its hand on the APK and posted an extensive tear down.

The first change noted was the addition of new security-related artwork (exclamation icons and security shields) as well as the following strings:

App Check
“Allow Google to check all apps installed to this device for harmful behavior? To learn more, go to Settings > Security.”
Installing this app may harm your device
Installation has been blocked
Google recommends that you do not install this app.
To protect you, Google has blocked the installation of this app.
App name: “%s”
I understand that this app may be dangerous.
Verify apps?

As Android Police notes, there are two parts to this: something called “App Check” would apparently allow Google to inspect apps you’ve already downloaded and a second feature would warn you if an app you’re trying to install is suspicious. The former could be launched manually with a “Verify apps?” button (as well as automatically on a regularl basis, we assume), while the latter could be bypassed if users choose to install a given app anyway.

Google already has a server-side Play Store malware checker called Bouncer. The automated antimalware system removes malicious apps uploaded to the Play Store and is meant to prevent repeat-offender developers. Yet what is being described here is a client-side antimalware system, which would be particularly useful for apps not on the Play Store that Android users are installing from various sources.

Virus Total’s Android app

Where did this all come from? Well, look no further than Google’s acquisition of VirusTotal last month. The free security service is used for analyzing suspicious files and URLs typically accessed by desktop computers, and Google gave us the following statement when it bought the small company:

Security is incredibly important to our users and we’ve invested many millions of dollars to help keep them safe online. VirusTotal also has a strong track record in web security, and we’re delighted to be able to provide them with the infrastructure they need to ensure that their service continues to improve.

virustotal android 520x433 Play store update and VirusTotal buy: Google may soon scan your Android apps for malware

Yet here’s something that few people know: VirusTotal has an Android app. Version 1.0 was released in June 2012 on the Google Play store with the following description:

VirusTotal checks your Android applications device against www.virustotal.com
VirusTotal for Android checks the applications installed in your Android phone against VirusTotal (http://www.virustotal.com). It will inform you about malware (virus, trojans, worms) on your phone and allows you to upload any unknown applications to VirusTotal. In other words, VirusTotal for Android will get your applications scanned by more than 40 antivirus, flagging any undesired content.
Please note that VirusTotal for Android does not provide real-time protection and, so, is no substitute for any antivirus product, just a second opinion regarding your apps.

Here are some more technical details from VirusTotal’s blog post announcing the app:

The application will perform hash lookups for all the applications installed in your mobile device. If the application was scanned by VirusTotal in the past and detected by one or more antivirus vendors its results icon will be a red droid, green if it was not detected. A blue question mark will appear next to applications that are unknown to VirusTotal.

You can upload to VirusTotal any application that was not seen in the past, in order to do this you will have to provide your VirusTotal Community credentials, the application will then use your API key to perform the uploads. The file will enter a low priority scanning queue and the application will trigger an Android notification whenever the scan ends.

The application has some other features such as rescanning, filtering or detailed results, read more about them at its documentation site.

Three months later, Google bought them out. Could this just be a coincidence? Sure, but somehow I doubt it.

For months I’ve been talking about how Google needs to step up its game to fight malware on the Android platform. The company of course realized this long before any security reporter did, and while the above doesn’t confirm any such steps, it suggests that the search giant is at least exploring its options.

Image credit: Gravity X9