Android 7.1 hides an anti-malware "panic detection" safeguard

Alongside fragmentation, security is one of the most criticized flaws of the Android platform. Although it takes the matter seriously, Google remains firm on not exercising an iron fist and instead implements "smart" systems to automate the checking of apps. Some malware, however, do slip through the cracks and others can be obtained from unofficial sources. In such cases, Android still tries to be smart without being heavy-handed in dealing with already installed and running malware. Like this hidden "panic detection" feature that presumes you're phone is infected when you repeatedly press the back button too many times.

That might sound ridiculous at first glance, but there is some factual basis for this feature. A certain class of malware, like ransomware for example, hijack a phone's screen and prevents users from getting out through the home button or the back button. In cases such as those, users usually press the back button repeatedly, which is what Android developers have amusingly labeled as a panic mode.

The latest and future versions of Android apparently have code to detect this kind of panicking. It's even smart enough to differentiate that specific type of button mashing from, say, valid multiple button presses for an app. The default is set to 4, which means that if the users repeatedly press Back at least 4 times within a given interval, the user is probably trying to escape malware. In that instance, Android overrides the malware-bearing application and dumps the user back to the home screen, where the user will presumably be able to take action to remove the offending app.

While the code is indeed present in Android 7.1 and later, it isn't something that's actually enabled for any device, even those running that version. It has to be specifically set by OEMs themselves. That said, the implementation does look very simplistic and could be easily thwarted by more devious malware. We still have to see how it performs in the wild.