Google has finally disclosed how it finds apps with hidden malware before users download them. As part of its business objective to offer the utmost mobile security to all its users, Google relies on a security solution called Verify Apps to analyze apps being added to the app store for viruses and other hidden malware.
As part of its standard procedure, Verify Apps actively scans the device for potentially harmful apps (PHAs). But what if the security solution fails to launch or stops working?
If Verify Apps fails to launch the security verification procedure, Google first verifies the cause of this behavior and then places that device in the dead or insecure (DOI) category. Flagging a device as DOI depends largely on a mathematical equation in which a score decides whether a particular app is DOI or not.
As soon as a device is placed in the DOI category, Google offers a patch for Android devices which updates the security system.
After this procedure, if the device starts reporting app installs and the verification is done through Verify Apps, it is re-categorized as “Retained” and is considered safe and secure from then on. If Verify Apps fails to analyze the device after the security system update, the device is considered dead or insecure.
In its briefing to Cybersecurity Insiders, Google mentioned that the app retention rate depends on the percentage of all retained devices that downloaded the app in one day. Google considers retention a strong indicator of device health. To measure it, Google uses a DOI scorer, which works on the assumption that all apps should have a standard device retention rate.
After calculating the DOI score, Google moves the offending apps to the top of the DOI list. It then analyzes the report given by Verify Apps to remove existing installs of the app and prevent future installs of it.
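The scoring and ranking described in the two paragraphs above can be sketched as follows. This is an added example, not Google's code and not from the briefing: the article does not give the equation, so a binomial z-score against the overall retention rate is assumed, and the app names, counts, threshold and minimum sample size are constructed.

```python
import math

# Constructed sample data: app -> (devices that downloaded it in one day,
# how many of those devices were later still "retained").
SAMPLE = {
    "com.example.flashlight": (2000, 1900),
    "com.example.notes": (5000, 4760),
    "com.example.cleaner": (800, 520),
    "com.example.tiny": (12, 6),  # too few devices to score reliably
}

def doi_scores(installs, min_devices=50):
    """Return (baseline_rate, rows); rows are (app, rate, z), worst first.

    Assumption: every app is expected to retain devices at the baseline
    rate p, so retained counts are compared with a binomial z-score.
    """
    total_n = sum(n for n, _ in installs.values())
    total_k = sum(k for _, k in installs.values())
    if total_n == 0:
        return 0.0, []
    p = total_k / total_n  # the "standard" device retention rate
    rows = []
    for app, (n, k) in installs.items():
        if n < min_devices:  # skip apps with too little data
            continue
        sd = math.sqrt(n * p * (1 - p))
        z = (k - n * p) / sd if sd > 0 else 0.0
        rows.append((app, k / n, z))
    rows.sort(key=lambda r: r[2])  # lowest retention score on top
    return p, rows

def flag_apps(installs, threshold=-3.0):
    """Apps whose retention is far below the baseline (hypothetical cutoff)."""
    _, rows = doi_scores(installs)
    return [app for app, _, z in rows if z <= threshold]

if __name__ == "__main__":
    baseline, ranked = doi_scores(SAMPLE)
    print(f"baseline retention: {baseline:.3f}")
    for app, rate, z in ranked:
        print(f"{app:28s} rate={rate:.3f} z={z:7.2f}")
    print("flagged for review:", flag_apps(SAMPLE))
```

A strongly negative score only marks an app for closer analysis; in the process described here, the Verify Apps report is still what drives removal.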
This helps the internet juggernaut filter out malware-carrying apps such as Gooligan, Ghost Push, and Hummingbad.
Affected devices are usually factory reset or permanently abandoned. This helps Google discover PHAs and block them before they go on a spree of affecting other Android devices.
Around 250,000 malicious apps have been identified by Google’s Verify Apps security solution since 2016.
More details are awaited!