Google Play Protect deploys real-time scanning to fight malware


Many malicious apps employ sophisticated techniques to evade detection. In response, Google has announced new real-time scanning features for its Google Play Protect.

According to the corporation, this should enhance safety for all Android users by decreasing malware infections on the Play Protect platform.

Google says that the platform, which is a protection system for performing on-device scans for unwanted software and malware, is already extremely powerful, delivering 125 billion scans a day. Play Protect is enabled on all Android devices with Google Play Services.

If it finds a potentially harmful app, Google Play Protect can take certain actions such as sending a user a warning, preventing an app install, or disabling the app automatically. What’s more, the platform also works for APKs (Android packages) downloaded from external sources and third-party app stores.

However, cybercriminals have resorted to artificial intelligence and polymorphic malware to alter identifiable information in a malicious program to bypass automated security platforms. This, of course, reduces the effectiveness of the scans.

“They’re turning to social engineering to trick users into doing something dangerous, such as revealing confidential information or downloading a malicious app from ephemeral sources – most commonly via links to download malicious apps or downloads directly through messaging apps,” Google said on its Security Blog.

And once the malicious apps are installed, it’s virtually impossible to stop them. That’s why Google says it has now enhanced Play Protect with real-time scanning at the code level. This means that the platform will recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats.

“Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful,” said Google.

“This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.”

The enhanced Play Protect scanner will leverage static analysis alongside heuristics and machine learning to identify patterns of malicious activity.

It has started to roll out to all Android devices with Google Play services in select countries, starting with India, and will expand to all regions in the coming months.

Android dominates the global mobile operating system (OS) market with a share of 70.5%, according to Statista. However, even though Android has lately focused more on security and privacy, Cybernews’ research has shown that its apps – clean or malicious – still require excessive permissions. This is obviously posing a risk to user data.

What’s more, it turns out that it’s virtually impossible to take full control of one’s Android apps and their permissions. Despite revoking all user-available permissions, our journalist has found that apps can still run on startup, stay in the background, have full network access, and access sensitive information.

“If a user downloads an Android app but denies all requested permissions, malicious actors may still be able to track and gather certain information from the user's device,” Paul Shunk, staff security intelligence researcher at Lookout, told Cybernews.


More from Cybernews:

I tried to revoke all Android app permissions but it was impossible

Book review: where do you go when there’s nowhere to hide?

Music publishers sue AI company Anthropic over stealing lyrics

Patch up, please: state-backed actors still exploiting known WinRAR vulnerability

Biometrics will create digital poorhouse, says study

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked