Latest in Gear

Image credit:

Google explains how it spots malicious Android apps

Even if they prevent Android's Verify Apps feature from working properly.
Mariella Moon, @mariella_moon
January 18, 2017
867 Shares
Share
Tweet
Share

Sponsored Links

Android's Verify Apps feature performs malware scans on newly downloaded applications to make sure they're safe. But since some malicious apps can prevent the feature from working, the company had to find an alternative way to figure out if a phone stopped using Verify because you no longer use it or if it's due to malware lurking in your device. In a blog post on Android Developers, Google explains how it detects if a particular application is harmful even with the absence of Verify's verdict. "To understand this problem more deeply," the post reads, "the Android Security team correlates app install attempts and Dead or Insecure (DOI) devices." To note, the team marks devices that stopped checking up with Verify as DOI and those that continue to use the feature as "retained."

The security team compute for the app's retention rate, or the "percentage of all retained devices that downloaded [it] in one day" using the formula below wherein:

N = Number of devices that downloaded the app.
x = Number of retained devices that downloaded the app.
p = Probability of a device downloading any app will be retained.
Z = Represents the DOI score.

If Z or the DOI score falls below -3.7, it means a large number of phones or tablets stopped checking with Verify the moment they installed the app. Google then inspects it more closely to determine if it's truly harmful before removing existing installs and preventing future downloads. The company says this method allowed the Security team to find a lot of apps loaded with the Hummingbad, Ghost Push and Gooligan malware in the past. Those applications would've slipped by unnoticed if they didn't employ this technique.

In this article: android, app, gear, google, malware, security
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
867 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
Our readers get real about their issues with the AirPods Pro

Our readers get real about their issues with the AirPods Pro

View
20GB of Intel internal documents were leaked online

20GB of Intel internal documents were leaked online

View
Disney has no idea what it's doing with 'Mulan'

Disney has no idea what it's doing with 'Mulan'

View
Trump executive order seeks to ban TikTok, WeChat 'transactions' in 45 days

Trump executive order seeks to ban TikTok, WeChat 'transactions' in 45 days

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr