It may come as a surprise to many Android detractors out there, but Google’s Play Store itself is not replete with malware as some would have you believe. The biggest source of malware on Android is undoubtedly third-party app stores and unofficial APKs. These can be modified to suit any attacker’s needs and there’s less protection than one would get from the Play Store.
But seeing as sideloading and third-party app store support are counted among Android’s advantages, Google had to find a way to make sure malware doesn’t spread rampantly. It introduced Verify Apps, which scans apps before they are installed to make sure they aren’t malware. It does this by matching the signature of the app against a database of malware signatures. Now Verify Apps has been expanded to give always-on protection against suspected malware apps: the service will constantly scan your installed apps against known malware signatures to detect harmful software.
The Verify Apps database is constantly updated as Google detects more websites and apps spreading malware, so even if an app sneaks through, the service can catch and stop it after it has been installed. In any case, Google says a minuscule proportion of installs take place after a user sees a Verify Apps warning. “We’ve found that fewer than 0.18% of installs in the last year occurred after someone received a warning that the app was potentially harmful,” Rich Cannings, Android Security Engineer, said.
Verify Apps is available for Gingerbread-running phones, so it’s not just the Jelly Bean and KitKat devices that receive this protection.