Google today announced a new initiative intended to fight the spread of malicious apps on Android. Called the App Defense Alliance, it’s a collaboration between Google, ESET, Lookout, and Zimperium that aims to reduce the risk of app-based malware by identifying and remediating new threats.
Google says it’s integrating its Google Play Protect service — which uses a combination of machine learning and heuristic analysis to detect abusive behavior — with each App Defense Alliance partner’s scanning engines. The goal is to generate intelligence as apps are being queued to publish to the Google Play Store. Partners can send a request to Google Play Protect to have an app analyzed, after which the service will send the scan results directly to the partner. It’s a two-way street: Google Play Protect can send requests to partner’s scanner services and receive results from the partner’s scanning engines.
ESET, Lookout, and Zimperium will perform these and other checks prior to apps going live on the Play Store.
“The Android ecosystem is thriving with over 2.5 billion devices, but this popularity also makes it an attractive target for abuse. This is true of all global platforms: Where there is software with worldwide proliferation, there are bad actors trying to attack it for their gain,” wrote Dave Kleidermacher, VP of Android security and privacy, in a blog post. “Working closely with our industry partners gives us an opportunity to collaborate with some truly talented researchers in our field and the detection engines they’ve built.”
Kleidermacher says the first crop of partners was selected based on their successes in finding potential threats and their “dedication” to improving the Android app ecosystem. He and Zimperium’s chief technical officer, Jon Patterson, assert that multiple heuristic engines working in concert will increase the efficiency in identifying potentially harmful apps. (Wired notes that Lookout alone has a database of 80 million binaries and app telemetry.)
“One of our strategic imperatives as a technology company is to relentlessly innovate,” said Paterson in a statement. “We have continuously evolved our core technology and, as a result, become the benchmark standard for machine learning-based detection of mobile malware ensuring detection of zero day samples. We look forward to collaborating with Google to keep users of Google Play apps protected from attack.”
In Google’s latest annual “Android Security & Privacy Year in Review,” published in May, the company said that Google Play Protect — which scans over 50 billion apps every day on-device and upwards of 500,000 in the cloud — substantially cut down on the number of potentially harmful apps in Google Play last year. Only 0.08% of devices that used Google Play exclusively for app downloads were affected by potentially harmful apps, and even devices that installed apps from outside of Play saw a 15% reduction in malware.
Play Protect isn’t the only tool that Google’s leveraging to fight against malicious apps. In the same report, it said that Build Test Suite (BTS) — a service that scans for preinstalled PHAs across software builds for partner OEM devices with Google services — prevented 242 builds with potentially harmful apps from entering the ecosystem. And Google says that new alerts from Google Play designed to warn users about mobile unwanted software — apps that aren’t strictly malware, but that surreptitiously collect data like phone numbers and email addresses — installed outside of Google Play declined from 2.09% in 2017 to 0.75% in 2018.
Google claims it has helped over 300,000 developers remediate more than 1,000,000 apps, to date.