- Google calls ESET, Zimperium, and Lookout for help, forming an alliance that will detect bad Android apps.
- The partners will deploy static and dynamic analysis tools, as well as machine learning systems.
- All types of abusive behavior will now be detected during the app review stage before they enter the Play Store.
No matter how many times Google has promised to tackle the problem of malware and adware on the Play Store, it is just too much for their internal reviewers to handle. We have previously reported about hundreds of adware apps plaguing the official Android app store, cases of apps spreading malware to millions, apps that are pretending to be something else, and apps that are collecting more user data than they should. All of these constitute what we call “bad apps”, and Google is finally taking a bold step in trying to deal with the menace.
As Google now reports, they have formed the “App Defense Alliance”, bringing together their security team, ESET, Zimperium, and Lookout. These four entities will now work closely in order to detect, identify, and remove all bad apps from the Play Store. Hopefully, this will fundamentally change the perception of security that Android users have about the platform, and this is of immense importance. Until now, we have been advising you not to blindly trust any application, even if they have been on the Play Store for a long time, or if they count millions of installations.
The plan is to integrate the Google Play Protect detection system with the scanning engines of each of the three partners. The apps will be queued to publish as usual, while the security experts will analyze the dataset and report any findings. Through the sharing of these findings, their confirmation, or their dispute, the alliance will reach a very high-quality risk assessment that is impossible for Google to achieve on its own. Moreover, Google’s new partners deploy advanced machine learning, static, and dynamic analysis tools, so no form of abusive app behavior can go unnoticed anymore.
Mobile malware is currently on the rise, and the 2.5 billion Android users are making the field too lucrative for malicious actors to ignore. Google has finally given up on trying to manage the risks themselves, so this move is more than welcome at this point. Admittedly, Google could have decided to bring along machine learning detection partners sooner, but it’s better late than never. If everything goes as expected from now on, the stories about adware and malware apps roaming the Play Store will eclipse.