Wednesday, January 18, 2017

Google Shares Details on How They Spot Malicious Apps in the Play Store

Google works very hard at keeping malicious applications out of the Play Store and off of your device. They aren't perfect at this and there are some instances when a malicious app slips through the cracks and is published in Google's application store. Thankfully, Google will remove them if an issue is brought to their attention, but they're still constantly scanning and checking applications and games that have already been published in the Play Store.

One of the methods Google uses to see if an application on your device is safe, is with their Verify Apps feature. This will scan an application you want to install from outside of the Play Store. This scan takes place before and after it's actually installed on your phone just to make sure it is safe to be on there. This verify function is baked into the Android OS and there are instances when a device is no longer using the feature at all (which in some cases can be security reasons).

Google flags these devices that are no longer using the verify feature and considers them to be Dead or Insecure (DOI). Now, if Google starts to detect that an application is being installed from the Play Store to a high number of DOI devices, then that raises a flag for them. This flags that as a DOI application, and Google uses this metric with many other security measures to see if it needs to be investigated. Google is even taking this a step further and finding out if an application is the cause of the phone becoming DOI.

For instance, if Google notices that a high number of devices are becoming DOI because they installed a certain application or game from the Play Store, then it makes sense that this would need to be looked into. Using these methods, Google has been able to uncover over 25,000 applications that had been infected by the Hummingbad, Ghost Push, and Gooligan malware.

Source: Android Developers Blog



from xda-developers http://ift.tt/2jnOAFG
via IFTTT

No comments:

Post a Comment