Android will now scan sideloaded apps for malware at install time

  News
image_pdfimage_print
Google's new malware scanner for sideloaded apps.
Enlarge / Google’s new malware scanner for sideloaded apps.

The Google Play Store might not be perfect for stopping Android malware, but its collection of scanning, app reviews, and developer requirements makes it a lot safer than the wider, unfiltered Internet. The world outside Google’s walled garden has no rules at all and offers a countless number of questionable apps available for sideloading. To help combat the surge of sideloaded malware, Google Play can now pop up a malware scanner at install time if it decides the app you’re trying to sideload is interesting.

Google Play’s malware system, called “Google Play Protect,” has always been able to check sideloaded apps for malware, but it used faster techniques like a definition file, and this happened quietly in the background. This new technique will delay your app installation with a full-screen “scanning” interface while Google runs a deep scan of the app code. Google’s blog post says this is “real-time scanning at the code-level to combat novel malicious apps” and that Google Play Protect can “recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats.”

The scan will involve sending bits and pieces of the app to Google for analysis. Google says:

Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.

Google also shared the above screenshot of what this interface will look like. Google Play pops up an “App scan recommended” screen that says “Play Protect hasn’t seen this app before” and that Google would really like your permission to add it to the database. While all the language around this makes it sound optional, the two options in the screenshot are “Scan app” and “Don’t install app,” with no visible option to just install it and skip the scan. There is a “more details” button that could possibly hide a “skip” option, but Google doesn’t mention it.

Google hasn't produced new malware statistics in a while, but the last report showed a much higher malware install rate outside of Google Play.
Google hasn’t produced new malware statistics in a while, but the last report showed a much higher malware install rate outside of Google Play.

Google hasn’t published detailed stats about the dangers of sideloading in a while, but in 2018, it used to publish yearly security reports with statistics on malware installation sources. Back then, Google found that 0.04 percent of all downloads from the Google Play Store were “PHAs” (potentially harmful apps), while sources “Outside of Google Play” had a 0.92 percent PHA install rate. That means you’re 20 times more likely to install malware outside of the Play Store, and considering that is basically a comparison between having some malware controls on Google Play and none at all on the free-wheeling Internet, it’s not a huge surprise.

Google is first rolling this feature out in India—a country that topped the malware distribution charts in that 2018 report—with the company saying the feature “will expand to all regions in the coming months.”

Listing image by Aurich Lawson / Getty Images

https://arstechnica.com/?p=1976895