Android Enhanced Real-Time App Scanning to Tackle Malicious Sideloading

Android's built-in security tool, Google Play Protect, has introduced a novel feature designed to conduct real-time analyses of Android app code, preventing potentially harmful apps from being installed.

In October, Google unveiled this new feature integrated into Google Play Protect, aimed at identifying and blocking malicious or counterfeit sideloaded apps originating from sources outside the official app store. These rogue apps can alter their appearance and employ artificial intelligence to modify their code, making detection challenging.


The key component of this Play Protect enhancement is the recommendation for real-time app scans on new apps that have not undergone prior scrutiny. These scans involve a detailed code analysis, extracting critical data from the app and sending it to the Play Protect backend for code-level assessment.

While Android’s app store is home to billions of apps that Google regularly screens for malware, sideloading remains a popular practice among Android users, even if it entails a level of trust that the installed app is not malicious.

Google’s primary motivation behind implementing this advanced real-time code-level scanning is to combat the proliferation of predatory loan apps. These apps have caused significant harm to users, with some even leading to tragic outcomes. Predatory apps gain access to users’ data, including contacts and photos, which they exploit to intimidate and harass users. Google has already removed over 3,500 such apps in a year due to policy violations, but attackers continually devise new tactics to target their victims.

The Play Protect update was initially launched in India, with plans for international expansion. To test its effectiveness, we subjected it to a battery of tests on a Pixel 7a with Android 14 and the updated Google Play Store featuring real-time code-level scanning.

In our tests, Play Protect effectively blocked numerous malicious apps, including spyware, stalkerware, and predatory loan apps. These apps attempt to disguise their intentions or alter their code to evade detection, but Play Protect flagged them as “harmful.”

However, the update did not block every predatory loan app: a few still installed during our testing.

We also attempted to install fake versions of popular apps listed on Google Play, such as an imitation of a popular game and a counterfeit VPN app. Play Protect allowed these apps to be installed, though their exact purpose remained unclear.

According to Google spokesperson Scott Westover, “With this recent enhancement, we’re adding real-time scanning at the code-level to Google Play Protect to combat novel malicious apps, regardless of if the app was downloaded from Google Play or elsewhere. These capabilities will continue to evolve and improve over time as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.”

Sideloaded apps offer users the freedom to install any Android app, but they also come with inherent risks. In the face of apps that frequently change their appearance and code to evade detection, Google’s new real-time app scanning feature serves as a crucial final line of defense for billions of Android users, with ongoing improvements expected.

 
