The relatively open nature of Android has made it a target for malware authors and other bad actors of all stripes who often try to get their wares onto your phone through both the official Google Play Store, third-party app stores and any other way they can think of. For most users, though, the main Android app store is Google’s own Play Store and as the company announced today, the company removed 700,000 potentially harmful or deceiving apps from its store last year. That’s up 70 percent from 2016.
This means your chance of installing a malicious app — be that one that tries to damage your phone or steal your information, or an app that is simply trying to deceive you into thinking it’s Spotify when it’s just a bad copycat — from the official Play Store is getting smaller by the day. Indeed, as Google VP and Head of Security for Google Play Dave Kleidermacher tells me, the chance of installing a malicious app is now 0.00006 percent (and Google sees about 8 billion installs per month across the world). The vast majority of these malicious apps (99 percent), never made it into the store and was outright rejected by Google’s algorithms and security teams.
Kleidermacher also notes that you are 10x more likely to install a harmful app from a non-Play source than Google’s official store.
With Google Play Protect now running on over 2 billion devices, it’s probably the most widely used malware scanner in the world.
The number of removed apps speaks to the increasing number of attempts by developers to sneak harmful app onto your phone, but also to Google’s efforts in using machine learning and other techniques to find these apps before they ever appear in the store. Google long used static analysis techniques to find potentially malicious code in new apps, but with the addition of machine learning in the last few years, the company is now able to find a far wider range of apps. Kleidermacher described the addition of these machine learning techniques as a “breakthrough in our ability to detect badness.”
As Google Play product manager Andrew Ahn also told me, there are some clear patterns in how malicious and deceiving developers try to sneak their apps into the store. They often try to make their apps look like existing popular apps, for example, to trick users into installing them. Google took down more than 250,000 of these apps in the last year.
As for other trends, Kleidermacher noted that Google is seeing more apps that try to run cryptominers on phones, but for the most part, these trends come and go. A few years ago, apps were trying to trick you into installing other apps, for example, while that isn’t really an issue anymore today. As Google finds and shuts down one category, though, another pops up sooner or later.
Google is quite aware that it can’t detect every single malicious app before it hits the store, though. “We have this fantastic technology and it work 99.99994 percent of the time,” he said. “But it’s never perfect.” Some forms of abuse are almost impossible for Google to detect, after all, especially now that a lot of the code for apps runs on backend systems that Google has no control over. If an app asks you to sign up but then sells your credentials on the black market, there was nothing on the phone that could’ve prevented that. To combat this, Google wants to teach users how to make better security decisions, though it’s also using Google’s Safe Browsing tools to detect if an app connects to a known bad site.
In the end, though, there’ll always be some apps that slips through the net. The good thing is that, for the most part, these apps don’t typically find a lot of users.