Google has announced a new security tool to help fight back hackers who have adopted new techniques to infect and compromise Android endpoints.
In a blog postthe company has unveiled significant improvements to the way the Android Play Protect security feature works.
According to the announcement, Google Play Protect will scan apps in real-time at the code level to look for signs of potential malicious behavior.
Polymorphic threats
“Scanning extracts key signals from the app and sends them to the Play Protect backend infrastructure for code-level evaluation,” Google explains. “Once the real-time analysis is complete, users will receive a result showing whether the app looks safe to install or whether the scan has determined that the app is potentially malicious.”
Google says the upgrade will strengthen defenses against polymorphic apps that use tricks like AI to stay hidden. Polymorphic apps are able to change their identifying characteristics to remain hidden, or to discourage users from uninstalling them. An example might be an app that advertises as a photo editor, but after installation changes the icon and name to something like “System Settings.” Users may not be aware of the change, or may be too afraid to try to uninstall an app called “System Settings.”
Google also claims that Play Protect will get even better over time. “Our security measures and machine learning algorithms learn from every app submitted to Google for review, looking at thousands of signals and comparing app behavior. Google Play Protect is continuously improved with each app identified, allowing us to strengthen our protection for the entire Android ecosystem.”
The new tool is being rolled out gradually, so don’t worry if you still don’t have it. India is the first country to roll out the feature, with other regions set to get it “in the coming months.”