Google Calls In Security Firms To Help Scan Play Store Apps

mobile

ESET, Lookout and Zimperium to help scan Android apps before their publication on Google Play Store as malware continues to spread on the platform

Google said it would bring in three external partners to help it improve the security of Android apps on its Google Play Store as malware continues to make its way onto the platform.

Android malware typically focuses on money-making schemes including adware and subscription fraud.

For instance, in June researchers found that an adware platform called BeiTaAd had been built into 238 separate applications that had been installed more than 440 million times.

BeiTaAd was unique in its prevalence and in the “level of obfuscation” used to hide its existence, said computer security firm Lookout at the time.

androidThird-party scan

Lookout, along with ESET and Zimperium, are now to begin scanning apps after they are submitted to Google and before they appear on the Play Store, Google said.

The three partners’ scanning services are to operate alongside Google’s own existing malware scans as part of the Google Play Protect detection systems.

“This will generate new app risk intelligence as apps are being queued to publish,” Google said in a statement.  “Partners will analyse that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.”

Play Protect already scans “billions” of apps every day, Google said.

Abuse

Android runs on more than 2.5 billion devices and this makes it “an attractive target for abuse”, Google said.

The three partners were “hand-picked” based on their successes in finding potential threats and their focus on the Android platform.

In April Google said it would bring in more rigorous checks to help spot the “bad faith” coders behind malicious or fraudulent apps.

Android is more vulnerable to security issues than Apple’s iPhone due to its scale and its fragmentation across multiple handset vendors, which makes security updates more complex.

Last year a two-year study found that in some cases phone manufacturers told users Google’s latest monthly security patches had been applied, when in fact they had not.