Google wants to eliminate the malware mess of the Play Store12. November 2019
Google wants to eliminate the malware mess of the Play Store
New York, 12.11.2019
Android has a malware problem. The flexibility of the open ecosystem makes it fairly easy for infected apps to propagate to third-party app stores or malicious websites. Worse still, malware-infested apps are slipping into the official play store with disappointing frequency. After a decade of grappling with the problem, Google is now calling for massive reinforcement. Three anti-virus companies will compete with Google in an alliance against the pests: ESET, Lookout and Zimperium. All three companies have years of experience handling Android malware. Now they will use their threat scanning and detection tools before new apps land on Google Play.
Every antivirus vendor in the Alliance offers a different approach to scanning app files. The companies are looking for everything from Trojans, adware and ransomware to banking malware or even phishing campaigns. The ESET engine uses a cloud-based repository of known malicious binaries as well as pattern analysis and other signals to rate apps. Lookout has 80 million binaries and app telemetry that extrapolates potential malicious activity. Zimperium uses a machine learning engine. As a commercial product, Zimperium’s scanner works to analyze and troubleshoot the device itself rather than relying on the cloud.
Tony Anscombe, the ambassador of ESET for Industry Partnerships, said: “If we’re part of such a project with the Android team, we can actually start protecting at source – it’s far better than trying to clean it up.”
Setting up these systems to scan new Google Play posts was conceptually not difficult – everything is done through a specially designed programming interface. The challenge was to customize the scanners to make sure they could deal with the fire of the apps going through for analysis – probably many thousands a day. ESET is already integrated with Google’s Chrome Cleanup Malware Removal Tool and has partnered with cybersecurity company Chronicle, owned by Alphabet. However, all the member companies of the App Defense Alliance said that the process of creating the necessary infrastructure was extensive and the first steps of the Alliance were taken more than two years ago.
“Google narrowed down the vendors that the company wanted to work with, and they all did a pretty detailed proof-of-concept to see if there was an added value and if we could find more bad things together than any of us is able to independently, “says the CEO of Lookout Jim Dolce. “We exchanged data over a one-month period – millions of binaries, and the results were very positive.”
It remains to be seen if the Alliance will actually intercept significantly more malicious apps before they land on Google Play. Independent researchers have found that many Android antivirus services are not particularly effective in catching malware, and a stronger defense of Google Play will only make malware authors more creative and aggressive.
With 2.5 billion Android devices in the world, Google has a lot to lose if the malware problem is not solved.