Published on November 4, 2023, 1:29 pm

  • Google Play Protect now conducts real-time analysis of app code to block potentially harmful apps during installation. This feature is part of Google's efforts to catch malicious or fake sideloaded apps. The update includes scanning for predatory loan apps, spyware, stalkerware, and fake versions of popular apps. Although some malicious apps were successfully installed during testing, Google continues to improve its detection and prevention capabilities.
  • Google Play Protect Enhances Real-Time Scanning Feature to Block Potentially Harmful Apps
  • TechCrunch

Google Play Protect, Android’s built-in security engine, now has an enhanced feature that conducts real-time analysis of an Android app’s code. If the app is deemed potentially harmful, Google Play Protect will block its installation. This new feature is part of Google’s efforts to catch malicious or fake sideloaded apps that are installed from outside the official app store.

In October, Google announced the introduction of real-time app scanning within Google Play Protect. This feature aims to detect and prevent the installation of harmful apps that use AI or alter their code to evade detection. Previously, this scanning was only recommended for apps that had never been scanned before. However, it now applies to any new app that requires a code-level evaluation.

While Google screens billions of apps in its app store for malware, sideloading remains a popular choice for many Android users. Sideloading allows users to install apps bypassing the official store and its defenses against malicious software. Although convenient, this method carries risks because users have to trust the integrity of the app they are installing.

One significant motivation behind Google’s enhanced real-time scanning feature is tackling predatory loan apps. These types of apps have led to harassment and even tragic cases where victims have taken their own lives. Attackers gain access to users’ data such as contacts and photos, which they then use as tools for bullying individuals.

To combat predatory loan apps and other threats more effectively, Google released an update to Play Protect initially in India but with plans for international expansion soon after. TechCrunch tested this update by attempting to install various types of malicious apps on a Pixel 7a device running Android 14 with the updated Play Store featuring real-time code-level scanning.

The testing revealed that Play Protect successfully blocked almost all malicious apps by providing warning messages about their potential harm or intentions.The few predatory loan apps successfully installed during testing showcased the need for continuous improvement in detecting and preventing evolving threats.

The scope of Play Protect’s update also included testing for spyware and stalkerware apps. These apps are often surreptitiously installed on someone’s phone by an individual with physical access, typically a partner or spouse. Play Protect intervened each time these types of apps were attempted to be installed, recognizing them as harmful.

In addition to predatory loan apps and spyware, the test also involved trying to install fake versions of popular apps available on Google Play. Play Protect allowed two fake apps to be installed during testing. While the purpose of these fake apps remains unclear, Google acknowledges that its capability to combat novel malicious threats will continue to evolve and improve over time.

Sideloading provides users with greater freedom but comes with potential risks due to the constantly changing nature of malicious apps. Google’s real-time app scanning feature serves as an essential last line of defense for billions of Android users worldwide and is expected to become even more effective in the future.

By investing in advanced security features like real-time code-level scanning, Google aims to protect users’ digital privacy and ensure a safer app ecosystem for Android devices.


Comments are closed.