Skip to main content

Google adds extra layer of protection against malicious external apps

Google wants to keep a tighter leash on external Android apps by using Verify Apps on every device to ensure the safety of non Google Play Store apps even after installation.

Related: Android 4.2’s built-in malware scanner: A total failure?

The company announced at the RSA Conference that it will change the build of Verify Apps with Adrian Ludwig, Android’s security engineer lead, explaining the changes will require no extra action by the device user, according to CNET.

Verify Apps, which was first implemented last year, will scan apps installed outside of the Google Play Store and inform the user when an app is determined to be malicious, the user not having to make any changes for the option to be activated.

When an app is identified as malicious users will see a warning in the notification tray and the final decision on whether to install the app still rests with the device owner or user.

The verification method, which is embedded in the OS, has been criticised in the past after researchers discovered that the service only managed to detect just over 15 per cent of the malware signatures back in December 2012. That was on Android 4.2 Jelly Bean and the service is more effective on the new versions of the OS despite the level of malware on Google Play increasing at an alarming rate.

At the same time as announcing the tweak to Verify Apps, Ludwig uncovered various figures on malware that showed 95 per cent of devices have Verify Apps installed and that most device owners install apps from “trusted sources.” Google doesn’t currently know the per cent of apps that evade runtime defences and cause harm but stated that it’s less than 0.001 per cent of apps.

Related: Android struggles under malware attack deluge, says Cisco

Hackers target Android more than any other OS due to its open nature and the fact that it is by far the largest and most widespread of any mobile OS.