Google Play Protect introduces live, real-time scanning to combat malware on Android devices

Mobile devices have significantly boosted our contemporary lifestyles, enabling us to perform a wide range of tasks, including in-store purchases, online bill payments, and the secure storage of financial information, health records, passwords, and images. Data.ai reports that the pandemic expedited the growth of established mobile practices, such as a 25% annual increase in finance-related app usage and users dedicating over 100 billion hours to shopping apps. Consequently, safeguarding data is now of even greater significance to prevent unauthorized access by malicious entities.

Google recently unveiled advanced real-time scanning capabilities within Google Play Protect, designed to thwart the evasion tactics of malicious apps using polymorphism. This development marks a crucial stride in bolstering the security of Android users, with the ultimate goal of reducing malware infections on the platform.

Real-time code scanning is a core feature of Google’s Play Protect platform, which serves as Android’s built-in defense system, running on-device scans to identify and remove unwanted software and malware. It relies on data collected from a staggering 125 billion daily scans.

This tool is effective for both applications acquired from Google Play, the official Android app store, and APKs (Android packages) obtained from external sources and third-party app marketplaces.

When Play Protect identifies something suspicious within an app, it alerts users to refrain from proceeding with the installation.

Warning on Play Protect (Google)

The challenge arises from the fact that creators of malicious apps, particularly those distributed outside of Google Play, have turned to artificial intelligence and polymorphic malware. These techniques frequently modify identifiable characteristics within a malicious program to circumvent automated security systems, rendering such scans ineffective.

Once installed on a user’s device, these apps fetch additional code from an external source and carry out their malicious functions after the install-time check has passed, when no mechanism is in place to stop them.

However, Google has implemented a re-evaluation process for apps, including the collection of data related to dynamic code loading. This is aimed at safeguarding users when such behavior is detected.

To bridge this security gap, Google has now bolstered Play Protect with the capability to conduct real-time scans at the code level. It also recommends scanning apps that have not been scanned before.

These scans involve the extraction of data from the app, which is then transmitted to the Play Protect backend infrastructure for a thorough analysis at the code level. The outcome of this analysis provides a safety assessment of the app.

In a press release, Google explains, “Our security safeguards and machine learning algorithms continuously learn from each app submitted to Google for review, evaluating thousands of signals and scrutinizing app behavior.”

“Google Play Protect continuously enhances its capabilities through ongoing app analysis, thus fortifying security measures for the entire Android ecosystem.”

Android employs a comprehensive defense strategy with multiple layers to ensure your safety against mobile malware and undesirable software. This includes a combination of Android’s inherent proactive and advanced user safeguards like Google Play Protect, continuous security updates, app permission management, Safe Browsing, and additional measures. These efforts are complemented by spam and phishing protection in services like Messages by Google and Gmail, all collaborating to enhance the security and privacy of your data.

The improved Play Protect scanner will employ static analysis, complemented by heuristics and machine learning, to detect patterns that signal potential malicious behavior. The data extracted from the app plays a crucial role in fueling its AI-powered analysis.
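To illustrate why exact-match signatures fail against the polymorphic repacking described above while a static code-level heuristic still fires, here is an added example (not from Google or the cited sources, and not how Play Protect is implemented). The sample "APKs" are constructed in memory, and the helper names build_sample_apk and scan are hypothetical; the class descriptors are real Android framework classes used for dynamic code loading.

```python
import hashlib
import io
import zipfile

# Android framework class descriptors that indicate runtime code loading.
DCL_MARKERS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
)

def build_sample_apk(padding: bytes, loads_code: bool) -> bytes:
    """Constructed stand-in for an APK: a zip holding a fake classes.dex."""
    dex = b"dex\n035\x00" + padding
    if loads_code:
        dex += b"Ldalvik/system/DexClassLoader;\x00"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as apk:
        apk.writestr("classes.dex", dex)
    return buf.getvalue()

def scan(apk_bytes: bytes, known_bad: set) -> dict:
    """Return the exact-hash verdict and any code-loading markers found."""
    digest = hashlib.sha256(apk_bytes).hexdigest()
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # APKs may carry classes.dex, classes2.dex, ...
            if name.startswith("classes") and name.endswith(".dex"):
                data = apk.read(name)
                found.update(m.decode() for m in DCL_MARKERS if m in data)
    return {"hash_match": digest in known_bad, "dcl_markers": sorted(found)}

if __name__ == "__main__":
    original = build_sample_apk(b"A" * 32, loads_code=True)
    repacked = build_sample_apk(b"B" * 32, loads_code=True)  # same behaviour, new bytes
    plain = build_sample_apk(b"C" * 32, loads_code=False)
    blocklist = {hashlib.sha256(original).hexdigest()}
    for label, apk in (("original", original), ("repacked", repacked), ("plain", plain)):
        print(label, scan(apk, blocklist))
```

A marker hit is a reason to prioritise deeper analysis rather than a verdict, since legitimate apps also use these class loaders.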

Nevertheless, it’s important to note that there could still be certain malicious apps that manage to evade the new system by incorporating extended delays before downloading malicious code or employing other tactics.

Nonetheless, this new system is expected to reduce the volume of undetected malware, at least until malware developers adapt their methods to circumvent or deceive these scans.

The real-time code-level scanning feature in Google Play Protect has been introduced in India and a few other selected regions, with plans for a gradual global rollout in the coming months.

Play Protect is compatible with and receives regular updates on the majority of Android devices, including those running Android 5 and later versions. This independence from monthly Android updates allows the security system to receive frequent updates and stay current.

Sources:

https://www.bleepingcomputer.com/news/security/google-play-protect-adds-real-time-scanning-to-fight-android-malware/

https://security.googleblog.com/2023/10/enhanced-google-play-protect-real-time.html#:~:text=Google%20Play%20Protect%20scans%20125,or%20disabling%20the%20app%20automatically.