Android Security: How Google Has Kept Malware in Check with Verify Apps

Megan Ruthven, a software engineer at Google, has revealed stealthy moves by the company to keep Android phones free from malware and to protect users who may have inadvertently downloaded a piece of malware or attempted to side-load it onto their smartphone.

Although Google added a feature called Verify Apps, which has to date flagged more than 25,000 potentially dangerous apps, the Android platform has continued to be marred by significant infiltration of malware.

The Verify Apps feature is enabled by default on all Android devices. It scans apps that are installed from sources other than the Play Store and warns the user if there are Potentially Harmful Apps (PHAs) on the device.

But a device can stop checking up with Verify Apps. This may happen for a non-security-related reason, like a new phone, or, more seriously, because a harmful app has undermined its gate-keeping role and purposefully turned it off, opening the door to potential harm.

When a device stops checking up with Verify Apps, as in the scenario above, it is considered Dead or Insecure (DOI).

Google uses what it calls the "DOI metric", along with other security systems, to help determine whether an app is a PHA and so protect Android users. The DOI metric is used to identify the security-related reasons that devices stop working and to prevent this from happening in the future.

Android users, however, can check whether their device has Verify Apps turned on by opening the Security tab in Settings (or the Google tab on Pixel phones) and making sure the "Scan device for security threats" toggle under Verify apps is turned blue.