How does Google Play Protect aim to improve Android security?

Google's new security platform, Google Play Protect, looks to decrease Android app security threats through machine learning. Michael Cobb explains how the new platform works.

Google's new security platform, known as Google Play Protect, aims to improve Android application security. What are some of the features in Google Play Protect, and does it do enough to bolster app security?

The open nature of the Android ecosystem has helped make it the most popular OS for mobile devices, but it has also made it a firm favorite with hackers -- more than 99% of all malware designed for mobile targets Android devices, according to a recent report by F-Secure.

Although all apps are scanned by Bouncer, Google's security system, before they are made available in the Google Play Store, a malicious app occasionally still makes it through, often masquerading as a popular or useful app. Hackers have now taken to hiding malicious code deep within their apps, only activating it once the app has passed inspection and is made available in the store; examples include the Charger ransomware and Skinner adware.

Although Google claims just 0.05% of users who downloaded apps from the Google Play Store in 2016 were infected with malware, down from 0.15% in 2015, just one malicious app can still infect millions of devices due to the size of the Android user base. For example, cybercriminals managed to trick 1.5 million people into installing 13 different malicious apps designed to steal Instagram credentials.

A common technique to avoid detection when an app is first submitted to the Google Play Store is to encrypt any malicious code within the app or to activate it later once the app has been installed by the user, like the malicious game Viking Horde.

To better combat this type of malware, Google has announced Google Play Protect, a security package for Android devices that combines app scanning, which uses machine learning technology to look for harmful apps, with browser protection and antitheft measures.

Google Play Protect's app scanning feature replaces Google's previous app scanning tool, Verify Apps, and is actually built into any device that comes with the Google Play Store. It's an automated and always-on service. Google claims it scans 50 billion apps per day across a billion Android devices, scanning and verifying apps before and after they've been downloaded, even those from third-party app stores.

It's this constant scanning for changes in behavior of installed apps that Google hopes will protect devices and users from apps that only turn malicious once installed. If the scans do find any suspicious activity, the responsible app is automatically disabled.

The Safe Browsing feature, while not new, also aims to prevent malware from getting onto a device. Any site a user tries to access is checked against Google's list of unsafe sites, and a warning appears for any site considered dangerous.

Of course, two of the most common risks to mobile devices are loss and theft, which is why Android Device Manager has been rebranded as Find My Device, with a new user interface and a few new features. It can remotely lock a lost device, display a message on the lock screen or wipe data if there is no chance that the device will be returned.

While some of the security measures in Google Play Protect have been around for a while, this is a welcome overhaul, giving users more information about their device's security. Play Protect is slowly rolling out to users who are running Play Services 11 or above.


This was last published in October 2017
