Google’s software security engineers work tirelessly to ensure that the apps we use every day perform their functions well without doing anything malicious in the background. The company recently detailed one method of doing this and fighting malware, which works even when malware fights back.
All the apps that get submitted to the Play Store get scanned by security software, which checks for viruses, malware, or other nasty pieces of code. But sometimes bad apps still manage to get through and end up installed on users’ devices where they may disable security mechanisms.
This is the reason why Google keeps a close eye on how apps and the devices they’re installed on behave. The company explains that even when malware tampers with a device’s security protocols and stops the communication between Google servers and the Android phone or tablet, security engineers can still act. To be more precise, Google monitors how many devices stop communicating with its servers after installing specific apps, and if that number hits a certain threshold, the apps in question are re-examined and tested.
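The check described above can be sketched as detection logic. This is an added example, not Google's code: the app names and counts are constructed, and the binomial z-score, the -3.0 cut-off and the minimum-install guard are assumptions standing in for the "certain threshold" the article mentions.

```python
import math

# Constructed sample data: per app, (devices that installed it, devices still
# checking in with the server afterwards). App names are hypothetical.
INSTALL_STATS = {
    "com.example.flashlight": (12000, 11510),
    "com.example.wallpapers": (8000, 7650),
    "com.example.cleaner":    (5000, 3900),   # many devices went silent
    "com.example.newapp":     (12, 6),        # too few installs to judge
}

MIN_INSTALLS = 100      # assumed: skip apps without enough data
Z_THRESHOLD = -3.0      # assumed cut-off for significantly low retention


def baseline_retention(stats):
    """Fleet-wide probability that a device keeps checking in after an install."""
    installs = sum(n for n, _ in stats.values())
    retained = sum(k for _, k in stats.values())
    return retained / installs


def retention_z(installs, retained, p):
    """Standard deviations between the observed and expected retained count."""
    expected = installs * p
    stddev = math.sqrt(installs * p * (1 - p))
    return (retained - expected) / stddev


def flag_for_review(stats, min_installs=MIN_INSTALLS, z_threshold=Z_THRESHOLD):
    """Return {app: z} for apps whose retention is far below the baseline."""
    p = baseline_retention(stats)
    flagged = {}
    for app, (installs, retained) in stats.items():
        if installs < min_installs:
            continue  # a handful of silent devices is noise, not a signal
        z = retention_z(installs, retained, p)
        if z < z_threshold:
            flagged[app] = round(z, 2)
    return flagged


if __name__ == "__main__":
    for app, z in flag_for_review(INSTALL_STATS).items():
        print(f"re-examine {app}: retention z-score {z}")
```

Because the signal is the absence of check-ins, it still works when the malware has disabled the on-device scanner; the minimum-install guard keeps a new app with a dozen installs from being flagged on noise.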
Of course, this is just one of the many ways that Google analyzes apps, though it proved crucial in tackling malware families like Hummingbad, Ghost Push and Gooligan, which severely impacted infected devices. Google says it flagged over 25,000 apps infected with one of those pieces of malware by using this method.
Still, that’s only a small drop in the bucket considering Google’s own stats point to millions of infected apps in the Play Store.
Source: Android Developers Blog