Google is upgrading Android’s Play Protect malware protection system to help it spot malicious apps that change their identifiable features to avoid detection, the company has announced. “This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection,” Google’s blog post reads.
The update follows a rise in this so-called “polymorphic malware,” which is harder for Google’s existing systems to detect. So now, in addition to checking newly installed apps against existing scanning intelligence and using techniques like on-device machine learning, Play Protect will also recommend a real-time app scan when installing apps that haven’t been scanned before. After a code-level evaluation, Google will notify a user to tell them whether an app looks safe or is potentially harmful.
Google Play Protect is available on every Android device equipped with Google Play Services, (encompassing most, but not all, of the 3 billion-plus Android devices active globally) and currently scans 125 billion apps each day, according to Google, to prevent the spread of malware and other unwanted software. It scans apps before you download them and conducts daily scans for potentially harmful applications on-device to try and detect malicious software regardless of whether it’s downloaded from Google Play or elsewhere.
Despite the protections, researchers continue to sound the alarm over Android malware discoveries. BleepingComputer has reported on several hacking campaigns in recent months, which often distribute malware masquerading as legitimate apps like YouTube or Chrome — software that users are likely to be more willing to grant wide-ranging system permissions to. Google’s blog post notes that links to malicious app downloads are often shared via “ephemeral sources” like messaging apps.
The new scanning feature has already started rolling out in “select countries, starting with India,” Google’s post notes, and will be available in all regions in the coming months.