Google has partnered with mobile security companies ESET, Lookout and Zimperium to identify potentially harmful and unwanted apps before they are listed on Google Play.
“The Android ecosystem is thriving with over 2.5 billion devices, but this popularity also makes it an attractive target for abuse. Working closely with our industry partners gives us an opportunity to collaborate with some truly talented researchers in our field and the detection engines they’ve built,” said Dave Kleidermacher, VP of Android Security and Privacy, Google.
The App Defense Alliance
As part of the newly created App Defense Alliance, Google is integrating its Google Play Protect detection systems with the scanning engines of its partners.
“Partners of the App Defense Alliance can send a request to the Google Play Protect scanner service to have an app analyzed. The GPP scanner service then sends back the scan results directly to the partner,” Google explained.
“This direct communication also allows GPP to send requests to partner’s scanner services and receive results from the partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.”
Threats come from many sources
This alliance will benefit all the partners and end users but, as Lookout pointed out, it doesn’t negate the need for a third-party mobile security solution.
“The App Defense Alliance will protect Google Play Store users from app-based threats, such as malware, spyware and vulnerable applications within the Google Play Store; however, app-based threats are just one aspect of the spectrum of mobile risk, just as the Google Play Store is just one aspect of the mobile ecosystem,” the company noted.
“Users can still be targeted in web-based attacks, such as phishing, device-based threats and network-based attacks. Moreover, this alliance only protects users from app threats in the Google Play Store, not apps outside of the Play Store. For enterprises, these threats could leave corporate data vulnerable.”
Neither of the partners mentioned whether the Alliance’s might, in time, tackle the problem of apps that become malicious after they’ve been listed on Google Play.