Here's the problem: Google (seemingly) vets apps when they hit the Google Play store, but there can be times — rare times — when apps change their permissions or otherwise do something they shouldn't post-installation. There are also plenty of third-party apps that users can install on their Android devices that otherwise escape Google's "Bouncer" security scanning for the Google Play store. And, of course, there are likely a subset of Android users who have had apps installed on their smartphones prior to Google's unveiling of its "Verify apps" or "Bouncer" security features.
Three scenarios; three ways for users to get apps on their Android devices that might otherwise cause a little mischief.
Google is about to make the process of app scanning, verification, and warning a wee bit easier by unveiling a new extension to its Verify apps service. The Android overlord will now automatically check devices on a continual basis to ensure that "all apps are behaving in a safe manner, even after installation."
Related: The best Android security apps
"In the last year, the foundation of this service—Verify apps—has been used more than 4 billion times to check apps at the time of install. This enhancement will take that protection even further, using Android's powerful app scanning system developed by the Android security and Safe Browsing teams," Android security engineer Rich Cannings wrote in a blog post.
Cannings said fewer than 0.18 per cent of app installations in the past year happened after a user received an on-phone malware warning from the Verify apps service. That sounds all well and good, but it's important to take note of just what Google scans for when it's contemplating slapping an app on the blacklist.
As mentioned, Google scans apps that one sideloads onto one's device — assuming a user has agreed to the practice, otherwise Google does absolutely nothing. Google also scans apps loaded into the Google Play store, but that's not to say that every single app is picture perfect. There have definitely been reports of malware making it onto the service, in addition to paid-for apps that seemingly do nothing at all. While the latter isn't technically "malware," given that it doesn't do anything nefarious to one's device, these apps do misrepresent themselves as helpful when they are, in fact, little more than money sinks.
While it's unclear just how many Android users might be affected by the new, sustained app scanning (in a positive way), at least the move is a more proactive step toward addressing issues with apps people have previous snagged — especially those that survived Google's first checks. It's also a boon for those who frequently turn to third-party sites for their apps instead of Google Play itself.
The new feature officially started rolling out today as a free Google Play update to those running Android 2.3 or later.
The announcement comes shortly after the Virus Shield for Android app shot to the top of the Google Play store before it was discovered to be a total scam.