Although Apple’s iOS App Store is starting to show its holes, no thanks to Facebook and the whole Enterprise Certificate brouhaha, Google’s Android counterpart has mostly been perceived has having too many holes for comfort. With a different set of standards and different methodology, Google Play Store, despite the canonical source of Android apps, has had so many lapses that weekly malware reports have become almost a joke. Google now reports how much of its security system has improved in 2018, which, to be fair, might be true. It still, however, might be below acceptable thresholds.
Google hasn’t released hard numbers so we’ll have to take its word for it. According to the tech giant, it was able to increase app submission rejections by 55% and app suspensions by 66%, both for violating Play Store’s increasingly stricter rules. And yet the steady stream of reports on malware getting past those measures have never slowed down to a trickle.
To be fair, Google hasn’t exactly been sitting on the problem. It has implemented new policies to limit the harm that malicious apps can do, though some, like SMS and Call Logs restrictions, were met with some controversy. Google also says its is now able to scan 50 billion apps on users’ devices daily as part of its Play Protect system, a fact that could worry some privacy advocates.
With few exception, most of Google’s systems to fight such PHA’s or Potentially Harmful Apps is based on automation and AI. It is both Play Store’s strength and its perceived weakness. On the one hand, not only does it free Google and its employees from the stressful work of app reviews, it also makes the system impartial and unbiased. On the other hand, it has been proven to also be ineffective at times, especially considering how much still get through the cracks. While human reviewers can be taught how to spot violations, machine learning models have to go through thousands of data to effectively identify traits of PHAs.
Bad actors, of course, are also stepping up their game, especially when they know how relatively easier a system can be gamed. Fortunately, Google has no delusions that its system is far from perfect, let alone good enough. It promises to be relentless in protecting users from such harmful apps, bit hopefully not to the point of becoming a restrictive and closed ecosystem.