Google is finally making moves to tackle the menace that is Android malware.
To this end, the internet giant has officially announced a partnership with cybersecurity firms ESET, Lookout, and Zimperium to catch sketchy apps before they end up on your devices.
Called the “App Defense Alliance,” the initiative aims to reduce the risk of app-based malware, identify new threats, and protect smartphone users from bad actors leveraging the platform for their gain.
To do so, Google is integrating its Play Protect malware detection systems with each partner’s scanning engines, thereby generating valuable risk intelligence that can be carefully scrutinized before making a third-party app available on the Play Store.
Introduced in 2017, Google Play Protect combines a mix of on-device protections and a cloud-based infrastructure to routinely scan over 500,000 apps to keep tainted apps off Google Play and out of users’s devices. It also leverages machine learning to detect malicious apps faster and at a larger scale without any human supervision.
The development comes as the Android platform has been beset by numerous instances of malware in recent months, what with smartphones proving to be a lucrative attack surface for criminals to carry out highly targeted campaigns.
Android security at stake
The Play Store malware trouble has been accentuated in part due to the open nature of the ecosystem.
Although Google has employed Google Play Protect as a means to secure devices from potentially harmful applications (PHAs), it’s been powerless against what appears to be a steady pattern of nasty apps bypassing its scanning process, highlighting the scope of the issue.
Last month, Lukas Stefanko, an ESET security researcher, compiled a list of 172 apps on Google Play with upwards of 335 million installs that were found to engage in ad fraud, credit card phishing, and serve other kinds of malware. And this was just for September.
Android Security Monthly Recap #9
Review of harmful apps found on Google Play in September 2019
— Lukas Stefanko (@LukasStefanko) October 1, 2019
Complicating the problem is the counter-mechanisms devised by Android malware authors to obfuscate their true colors.
The apps have been found to engage a number of sneaky workarounds to get past Google’s security checkpoints — including making use of remote command and control servers to download second-stage malicious payloads after going live, incorporating encrypted code, and even adding time-based activation delays to bypass detection barriers.
In its annual “Android Security & Privacy Year in Review” report released earlier this year, the search giant said only 0.08 percent of devices that used Google Play exclusively for app downloads were affected by PHAs in 2018.
Yet Google’s failure to rein in malware-laced apps has raised concerns about its supposedly vetted store. Increasingly, what should be its job of proactively catching bad apps has been passed on to users, who must carefully inspect every app they intend to install on their devices.
More troublingly, even after Google removes a PHA from Google Play, the users who installed the app on their devices continue to remain at risk.
In forging this new alliance, the intention is to better screen apps before they are approved for download, and prevent users from accidentally downloading an offending app.
The fact that Google sought outside reinforcements to beef up Android app security is an acknowledgment of the seriousness of the situation. As they say, better late than never.