Google Explains How It Spots Malicious Android Apps

Android’s Verify Apps feature performs malware scans on newly downloaded applications to make sure they’re safe. However since some malicious Android apps can prevent the feature from working, the company had to find an alternative way to figure out if a phone stopped using Verify because you no longer use it or if it’s due to malware lurking in your device.

In a detailed blog post on Android Developers, Google explains the state-of-the-art methods it employs to examine the safety of a selected application, even in cases in which Verify’s verdict is unavailable. The post delves into the problematic algorithms and security practices that Google makes use of to proactively become aware of and mitigate potential threats posed by means of malicious apps, highlighting the company’s ongoing commitment to safeguarding personal facts and enhancing the general protection of the Android ecosystem.

“To understand this problem more deeply,” the post reads, “the Android Security team correlates app install attempts and Dead or Insecure (DOI) devices.” To note, the team marks devices that stopped checking up with Verify as DOI and those that continue to use the feature as “retained.”

The protection team utilizes particular components to calculate the app’s retention charge, which is essentially the share of all devices that have been retained after downloading it within a single day. This calculation involves thinking about different factors and records points to make certain an correct assessment of the app’s overall performance in phrases of consumer engagement and durability.

N = Number of devices that downloaded the app.

x = Number of retained devices that downloaded the app.

p = Probability of a device downloading any app will be retained.

Z = Represents the DOI score.

© Google

If Z or the DOI score falls below -3.7, it means a large number of phones or tablets stopped checking with Verify the moment they installed the app. After Google inspects the app more closely, it conducts a thorough analysis to ascertain whether it poses any genuine harm. If deemed harmful, Google takes proactive measures by first removing any existing installations and subsequently implementing safeguards to prevent any future downloads of the app.

The company highlighted that implementing this specific method significantly enhanced the Security team’s ability to uncover numerous applications that were compromised by malware strains such as Hummingbad, Ghost Push, and Gooligan in previous instances. Without the utilization of this approach, these potentially harmful apps could have easily evaded detection.

Article Originally from Google