Google Strengthens Android App Security With Continuous Post-Install Scans

Google is making a change to its Android security systems today that is meant to ensure that users who install apps from outside of the Google Play store are a bit safer from malicious apps.

Currently, Android users can have Google scan their apps for malicious code at the time of installation. Going forward, Google will expand this program with a more service-based system that will continuously check the device to make sure that apps are “behaving in a safe manner, even after installation.” This means that as Google learns more about mobile malware, it can now check for this kind of code even after you’ve installed an app. Until now, once a malicious app had made it through Google’s security systems, there was no way to detect it later.
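To make the difference between the old install-time check and the new continuous check concrete, here is an added illustration in Python (not Google's code; the package names, APK bytes and the "threat intelligence" feed are all constructed sample data). An app that is unknown when it is installed passes the install-time check; only a later rescan against updated intelligence flags it.

```python
"""Toy model of install-time vs. continuous app verification.

Added illustration, not Google's code: package names, APK bytes and the
intelligence feed below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass, field


@dataclass
class App:
    package: str
    apk_bytes: bytes

    @property
    def digest(self) -> str:
        # Identify the installed package by the hash of its bytes.
        return hashlib.sha256(self.apk_bytes).hexdigest()


@dataclass
class Device:
    installed: dict = field(default_factory=dict)   # package name -> App
    warnings: list = field(default_factory=list)    # (package, phase)


class Verifier:
    """Holds the digests currently known to be harmful; grows over time."""

    def __init__(self):
        self.known_bad = set()

    def learn(self, digests):
        self.known_bad.update(digests)

    def is_harmful(self, app: App) -> bool:
        return app.digest in self.known_bad


def install(device: Device, verifier: Verifier, app: App) -> bool:
    """Install-time check only: warn and refuse if the app is known bad right now."""
    if verifier.is_harmful(app):
        device.warnings.append((app.package, "install"))
        return False
    device.installed[app.package] = app
    return True


def rescan(device: Device, verifier: Verifier) -> list:
    """Post-install check: re-evaluate every installed app against current intel."""
    flagged = [pkg for pkg, app in device.installed.items() if verifier.is_harmful(app)]
    for pkg in flagged:
        device.warnings.append((pkg, "post-install"))
    return flagged


def simulate():
    verifier = Verifier()
    device = Device()
    benign = App("com.example.notes", b"constructed benign apk")
    malicious = App("com.example.flashlight", b"constructed malicious apk")

    # Day 0: the malicious sample is not yet known, so both installs pass.
    install(device, verifier, benign)
    install(device, verifier, malicious)
    before = rescan(device, verifier)          # nothing flagged yet

    # Day N: new intelligence arrives (constructed feed), and the periodic
    # rescan catches the app that slipped through at install time.
    verifier.learn({malicious.digest})
    after = rescan(device, verifier)
    return before, after, device.warnings


if __name__ == "__main__":
    print(simulate())
```

The install-only model never revisits `com.example.flashlight` after day 0; the rescan does, which is exactly the gap the announcement describes closing.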

The new continuous checks use the same app-scanning technology Google already uses on Android and in its Chrome browser.

In total, Google says, the regular “Verify apps” feature in Android has been used more than 4 billion times so far. Google expects that most people will never see these new warnings pop up on their devices. When they do, though, they will look almost exactly like today’s Verify apps warnings. In today’s announcement, Google stresses that those warnings are highly effective. Only 0.18 percent of installs in the last year occurred after someone received a warning that an app was potentially harmful.

It’s no secret (PDF) that Android accounts for the vast majority of mobile malware. Very little of it (0.1 percent according to some reports) comes from Google’s own Play store. Instead, the main vector for malicious mobile apps is third-party stores — often in countries where Google doesn’t offer an official store itself.