This article explores the new real-time app scanning feature of Google Play Protect, its effectiveness in blocking malicious sideloaded apps, and its role in enhancing Android security overall. It also highlights its limitations and the future improvements anticipated by Google.
To bolster Android security, Google Play Protect has introduced a real-time app scanning feature. This function analyzes an app’s code in real time and prevents its installation if deemed potentially harmful. Announced in October, Google’s new feature aims to counteract the threat of malicious or deceptive sideloaded apps installed from sources outside the app store.
“Security is not a product, but a process.” – Bruce Schneier
How the Real-Time App Scanning Works
The real-time app scanning feature recommends a code analysis for any new app that has not been scanned. This analysis extracts crucial signals from the app, which are then sent to the Play Protect backend infrastructure for a thorough code-level evaluation.
The Problem of Malicious Sideloaded Apps
Despite the existence of Google’s rigorous screening for malware in the billions of apps available on Android’s app store, not all malicious apps are caught. Some Android device owners sideload apps, bypassing the app store and its multiple defenses. Although sideloading is popular among Android users, it comes with the risk of installing malicious apps.
Combating Predatory Loan Apps
Google’s enhanced real-time code-level scanning feature responds to the growing issue of predatory loan apps. These apps have led to user harassment, with some victims even taking their own lives. Malevolent actors gain access to user data, such as contacts and photos, and use them to intimidate users. Google has removed over 3,500 such apps in a year for violating its policy requirements, yet attackers continue to find new ways to exploit their victims.
Testing the Effectiveness of the Real-Time App Scanning Feature
TechCrunch tested the new Play Protect feature by loading a phone with various malicious and harmful apps. The test was carried out on a Pixel 7a with a fresh install of Android 14 and the updated Google Play Store featuring real-time code-level scanning. The phone was loaded with over 30 different malicious apps, including stalkerware, spyware, predatory loan apps, and fake versions of popular apps. Play Protect blocked nearly all of them, providing warnings about their unsafe nature. However, a few recently created predatory loan apps were successfully installed.
Google’s Ongoing Commitment to Android Security
Despite the limitations noted in the testing phase, Google remains committed to enhancing Android security. A spokesperson for Google, Scott Westover, said in an email to TechCrunch, “These capabilities will continue to evolve and improve over time as Google Play Protect collects and analyzes new types of threats facing the Android ecosystem.” With the freedom to install any Android app comes risks, and Google’s real-time app scanning feature is a crucial last line of defense for billions of users, which is expected to improve over time.