Google asks security companies for help with scanning Play Store apps

Google wants to provide its users with good security, including protection against malicious apps. To this end, it is launching a new project today: App Defense Alliance. For this project, the Internet giant asked three cyber security companies to help with the scanning of apps in the Play Store.

The three companies that contribute to the App Defense Alliance are ESET, Lookout and Zimperium, writes ZDNet . With this project, Google hopes to merge malware and threat detection engines in order to improve the security scans of Android apps.

These scans take place before an app ends up in the Play Store. Google employees now check apps that already want to enter the digital store with a system called Bouncer and with Google Play Protect. These systems have to remove malware between the legitimate apps and ensure that only safe apps are offered to users.

As part of the new collaboration, Google Play Protect will be integrated into the scanning engines of the partners. This should lead to even better risk intelligence about apps. “Partners analyse that dataset and work as an extra, vital set of eyes before an app goes live in the Play Store,” says Dave Kleidermacher, VP, Android Security & Privacy.

Why is this necessary?

Google could use that extra help. Although Bouncer and Play Protect were quite successful in the past – according to Google they were already detecting thousands of malicious apps – they could not prevent malware from ending up in the Play Store. In August, for example, another 85 adware apps were discovered in the Play Store.

This is partly due to the fact that the creators of the malware took countermeasures against the protection of Google. The cybercriminals have found ways to bypass the systems and thus still get malware into the Play Store.

One of these ways is by using malware doppers. The actual malicious app will only be downloaded at a later time. This only happens once a user has downloaded what appears to be an innocent app. In addition, cybercriminals work with timers, which postpone malicious behaviour for hours or days. As a result, Google’s tests do not pick up on the behaviour.