Google is beefing up its Android app security
Android apps are already scanned for malware as they’re being downloaded for the first time. However, the new, improved Verify Apps system will ensure that the apps are now also routinely checked once they’re up and running on consumers’ handsets.
Google says that the improvements will not just verify an app prior to install, but will warn or block potentially harmful apps and, most importantly, will work as a feature on devices running Android 2.3 onwards, essentially protecting roughly 90 percent of the world’s Android smartphone and tablet owners.
In recent weeks, Google’s app submission and validation process has been under scrutiny. On March 25, Trend Micro Labs reported that it had found legitimate apps available for download on Google Play, which had been downloaded over 1 million times, that were mining cryptocurrency once installed.
Meanwhile, earlier this week, Android Police exposed a popular premium antivirus app, Virus Shield, as nothing more than a scam. Once installed, it did nothing.
In a blog post announcing the improvements to Verify Apps, Android Security Engineer Rich Cannings made no mention of recent issues and instead highlighted how unlikely it is that the average Android smartphone user will ever fall victim to a bad app: “Because potentially harmful applications are very rare, most people will never see a warning or any other indication that they have this additional layer of protection. But we do expect a small number of people to see warnings (which look similar to the existing Verify apps warnings) as a result of this new capability. The good news is that very few people have ever encountered this; in fact, we’ve found that fewer than 0.18% of installs in the last year occurred after someone received a warning that the app was potentially harmful.”
As for Virus Shield, which was pulled from the Google Play store on Monday, its developer, Jesse Carter, told The Guardian on Thursday that the whole thing was a big misunderstanding. A placeholder had been accidentally uploaded to Google Play rather than the finished app.
“After reading the article created by AndroidPolice, we immediately unpublished our app from the marketplace to upload the intended version. However, our Google Play Developer account was suspended before we could make said amendments. We have not withdrawn any earnings received from Virus Shield and intend to refund all purchases. We may possibly upload the intended version of the app for free to everyone,” he said.