Google is enhancing its security measures for Android users by introducing new real-time scanning features in Google Play Protect. This upgrade is a response to the challenge posed by malicious apps that employ polymorphism to avoid detection.
Play Protect’s on-device scans, driven by data from 125 billion daily scans, now provide real-time code-level analysis, making it harder for malware to escape detection. This development aims to boost safety for Android users and reduce malware infections on the platform.
The issue at hand arises from malicious apps, often promoted outside Google Play, using AI and polymorphic malware to alter identifiable information within their code, rendering them immune to automated security scans. Google Play Protect initially detected these apps as suspicious but did not have effective mechanisms to stop them post-installation.
To address this, Google has enhanced Play Protect with real-time code-level scanning, ensuring an in-depth analysis of an app’s safety by extracting signals. While some malicious apps may still find ways to evade this system temporarily, it is a significant improvement in Android security.
Google’s security protections and machine learning algorithms continuously improve by learning from each app submitted for review. This upgrade strengthens the overall security of the Android ecosystem.
The enhanced Play Protect scanner combines static analysis, heuristics, and machine learning to identify patterns indicative of malicious behavior. This real-time scanning feature is gradually rolling out worldwide and is available in select countries. It works on most Android devices, ensuring regular updates independently of the monthly Android updates release.