Google Play Protect Introduces Real-Time Code-Level Scanning for Android Malware
19.10.23 Android The Hacker News
Google has announced an update to its Play Protect with support for real-time scanning at the code level to tackle novel malicious apps prior to downloading and installing them on Android devices.
"Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats," the tech giant said.
Google Play Protect is a built-in, free threat detection service that scans Android devices for any potentially harmful apps downloaded from the Play Store as well as other external sources. In extreme cases, an app may be blocked from being installed.
The check expands on previous existing protections that alerted users when it identified an app known to be malicious from existing scanning intelligence or was identified as suspicious from heuristics gathered via on-device machine learning.
With the latest safeguards, important signals from the app are extracted and sent to the Play Protect backend infrastructure for a code-level evaluation in real-time to determine if it's safe to install or it's malicious in nature.
"This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection," Google said, adding the feature is being rolled out in select countries, starting with India.
The security improvement comes as threat actors continue to find different ways to propagate Android malware, often through links to deceptive apps or APK files sent on messaging apps.
It also follows a revision to the Android Security Paper, which "provides a comprehensive overview of the platform's built-in, proactive security across hardware, anti-exploitation, Google Security Services and the range of management APIs available for businesses and governments alike."