admin

Google reveals its stealthy moves to keep Android phones free from malware – CIO

Decrease Font Size Increase Font Size Text Size Print This Page

[ad_1]

Way back when Android 4.2 Jelly Bean was released, Google added a feature called Verify Apps that sought to protect users who inadvertently may have downloaded a piece of malware and attempted to side-load it onto their phone. The service, which is enabled by default on all Android devices, scans apps that are installed from sources other than the Play Store, and warns the user if they may be potentially harmful.

It’s so silent and unobtrusive, most users don’t even know Verify Apps is running, which also means they don’t know when it’s not running. As Google explains in a blog post, that could be the result of an app that has snuck by its gate-keeping and purposefully turned it off, opening the door for potential problems. Google calls these devices Dead or Insecure (DOI), and in turn, if an app has a high percentage of DOI devices downloading it, it will be considered a DOI app. That’s where Google’s security wizardry comes into play.

As software engineer Megan Ruthven explains, Google has developed a metric “to identify the security-related reasons that devices stop working and prevent it from happening in the future.” If a device has stopped using Verify Apps, Google dives into the apps that device has installed and checks their retention rate—the number of devices that have downloaded a particular app with Verify Apps switched on—to come up with a DOI score. If the app has a low score, meaning a high number of devices without Verify Apps has downloaded it in one day, Google will investigate further, and take steps to remove and block future installation if necessary.

verify appsGreenbot

You can find the Verify apps toggle in your security settings.

Google says it has flagged more than 25,000 DOI apps to be part of the Hummingbird, Ghost Push, and Gooligan malware families “because they can degrade the Android experience to such an extent that a non-negligible amount of users factory reset or abandon their devices.” As Ruthven writes, without the DOI score, “many of them would have escaped the extra scrutiny of a manual review.”

[ad_2]

Source link