Google Play Protect's AI works but needs to get better fast

Android has a bit of a conundrum when it comes to ensuring the security of apps. Its open ecosystem means it gathers thousands if not millions of apps, a staggering number that no human team can sufficiently monitor and curate. That is why Google has always advocated the use of AI and machine learning in screening apps, which it has formally branded as Google Play Protect. But while it has some good news to share about the efficacy of the system, those same numbers show that Google's AI needs to go to cram school ASAP.

This is going to be yet another Apple versus Google and iOS versus Android thing. Long story short, Apple manually screens every app submitted to its App Store and, as Valve just learned, not everyone makes the cut. It's a painstaking process that results in a comparatively smaller number of apps (compared to Android) but has the explicit assurance of safety, if not quality.

In contrast, Google is always more interested in numbers. It wants more but, at the same time, knows it won't scale well to manual processes. Which is why it has entrusted Android's security, or Google Play Store's security rather, to machine learning. And it's quite proud of what it has accomplished so far.

Google boasts that Play Protect's systems scan over 50 billion apps daily. These scans are mostly done on the Play Store but also happen from time to time on Google-certified phones. The idea is simple: it uses automation, algorithms, and machine learning to root out Potentially Harmful Apps or PHAs. Because of that system, Google Play apps are 9 times less likely to be a PHA, or so says Google.

Of course, it all depends on how well that machine learning system is able to detect PHAs. It requires Google to feed it thousands and thousands of examples of both potentially harmful and safe behavior. And what better source for that data than Google Play Store itself and users' (promised to be anonymized) data? These neural networks look for telltale signs of bad behavior, like interacting with other apps, downloading files in the background, or bypassing Android's security features.

To its credit, Google Play Protect isn't just a simple and single-minded bouncer. In addition to identifying PHAs, Google also groups malicious behavior into families. This system allows it to identify apps that have remained outside its radar but exhibit traits similar to those of known PHAs.

That machine learning system has, so far, accurately detected 60.3% of the PHAs and malware Google Play Protect identified last year. It's not hard to understand why Google is proud of that. That 60% was made by a machine with little to no direct human intervention. But 60% isn't exactly an encouraging number and Google Play Store's history might not inspire much confidence yet.

To be fair, this new AI-powered system was only added two years ago, long after Google Play Store was already notorious for having apps that slip through the cracks. Has it improved since then? It's not that easy to say. There has definitely been less news coverage, but that may be because people are tired of hearing about it over and over again. There are definitely some high-profile mishaps, but that could be attributed to the remaining 39.7% that didn't get detected.

And then there's the case that not all Android devices might even have Google Play Protect at all. As part of the Google Play bundle, it only benefits certified devices. There is quite a number of Android smartphones in the market that don't and there might even be more to come if certain political forces have their way. It is definitely a cunning strategy to "encourage" OEMs to get Google-certified, but not all can afford to pay the price.

That's not to downplay Google's achievements but it definitely needs to pick up the pace. The world won't wait for its machine learning systems to wise up, especially when privacy and security are being put under a microscope again. Given recent events, there is even more pressure on Google now to prove that its AI-driven system doesn't just work but is also better than the competition. And, considering the number of apps in Google Play Store and the more than 2 billion Android devices out there, 60.3% just doesn't cut it.