Last year, Google built a “Verify Apps” feature into Android that scans apps for m alware upon installation.
While that process, which has been used 4 billion times according to the company, has successfully prevented infection from countless malicious apps, it doesn’t go far enough; code can be remotely changed after installation, making it relatively easy for m alware vendors to counteract Google’s defences.
Today, as a response, Google has updated its Play Services for devices running Gingerbread or higher to continually scan installed apps for malicious code. According to Google, only 0.18% of installs since have been deemed harmful since Verify Apps was implemented. “Even though the risk is miniscule, we’re committed to making sure that the best available security protections are available to all Android users. This includes service-based protections such as Verify apps, as well as security features within the platform itself,” says a blog post.
According to a recent report by Symantec, 99% of mobile-focused m alware is destined for Android, though only a very small number of users fray from installing apps outside of Google Play itself. Still, m alware has been found in the occasional Play Store-based app, and this move by Google can only help keep Android users more secure.