In an effort to better protect the Play Store from malware and malicious apps, Google has announced that it has partnered with the cybersecurity firms ESET, Lookout and Zimperium to launch a new project called the App Defense Alliance.
According to Google, the goal of the new project is to unify malware and threat detection engines to improve the security scans that Android apps must undergo before they are published on the Play Store.
Currently when a developer submits an Android app to be listed on the Play Store, the app is scanned by Google employees using a system called Bouncer and by Google Play Protect. Both of these systems have been able to detect thousands of malicious Android apps which were submitted to the Play Store.
- Google boosts bug bounties for Play Store apps
- Google Play Store clamps down on payday loan apps
- Adware apps still common on Google Store
Bypassing Play Store security
Over the past few years, the cybercriminals behind Android malware have changed their tactics in an effort to avoid being detected by Bouncer and Play Protect scans.
Malicious apps have begun to employ a multi-stage delivery system, where an app’s malicious payload is downloaded after being installed, to reach more users on the Google Store.
Another method used to avoid detection, which has been observed in the wild, revolves around using a timer to delay any malicious behavior by hours or days. This way the malware won’t be detected while it is undergoing security testing at Google.
With the App Defense Alliance, Google will now have additional resources in its fight against malicious apps making their way onto the Store.
VP of Android security and privacy, Dave Kleidermacher explained how the company will leverage ESET, Lookout and Zimperium’s scanning engines to identify malicious apps in a blog post, saying:
“As part of this Alliance, we are integrating our Google Play Protect detection systems with each partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.”
- Secure your devices with the best antivirus software