Google adding continuous rogue Android app scans

Google is updating Android to continuously check phones and tablets for rogue apps, picking out those with malware behavior even if they've managed to squeeze through the initial verification. The new feature, which builds on Android's existing "Verify apps" system that sifts through software at the point of installation to flag up any concerns, will add real-time and ongoing checks.

Google compares the new app scanning to an alarm service in the home. In that metaphor, if the initial Verify apps functionality is the equivalent to a door or window sensor, then, the ongoing checks are more like movement sensors tracking unwanted behavior once indoors.

The constant on-device monitoring isn't expected to flag up many warnings, based on the efficiency of that early check. Google says that, in 2013, less than 0.18-percent of app installs took place after the user was warned of potential hazards.

How Google manages the distribution of apps in the Google Play store has come under increasing attention alongside Android's rise on phones and tablets, particularly in contrast to how Apple controls what software is released through its App Store for iPhone and iPad.

Whereas Apple takes a more locked-down approach, insisting on testing each title before it can be included in the App Store, Google allows developers to submit and update at-will. That, some security researchers have argued, has led to a situation where Android malware can go unchecked and unnoticed.

Verify apps, Android security engineer Rich Cannings says, has actually scanned more than four billion apps in the past year, however, and predicts constant monitoring will only improve matters.

No word on when the updated feature will roll out at this stage.

SOURCE Google