Google Asks Three Mobile Security Firms To Help Scan Play Store Apps

Google announced today that it partnered with three private cyber-security firms -- ESET, Lookout, and Zimperium -- to start a new project called the App Defense Alliance. From a report: The purpose of this new project, Google said, was to unify malware and threat detection engines and improve the security scans that Android apps go through before being published on the Play Store. Currently, when an app developer creates and submits an Android to be listed on the official Play Store, the app is scanned by Google employees with a system called Bouncer and another called Google Play Protect. In the past, Google said that both systems have been able to detect thousands of malicious Android apps submitted to the Play Store. However, while this system has been efficient, it hasn't been perfect, and many malicious apps slipped through across the years, from banking trojans to ransomware strains. Over the past few years, Android malware authors have also adopted to counteract and negate Bouncer and Play Protect scans.

Adopted?

[zarmanto]

... Over the past few years, Android malware authors have also adopted to counteract and negate Bouncer and Play Protect scans. ...

I'm sorry; I must have missed something... what exactly did they adopt, now? Did they leave out some words? Oh, I know! They must have adopted new methodologies for hiding from the malware scans. Yes, that's it.

Funny. It seems to me that it might have been more concise to just say that they adapted.

Sort by permissions

[mrwireless]

In my opinion it would be great if you could search and sort apps by the amount of permissions they require. That would already help people find the least invasive apps, which probably have a large overlap with other malicious apps.

The Apple Advantage.

[jellomizer]

This is one thing Apple has been very careful with vs Google. The closed gates of the Apple Store for Apps, where the posted applications have a full review before being accepted for posting. While this also means Apple misses out on a lot of really great Apps that Android users have, it also means for the most part the Apple Apps are relatively safe to run on your device.
That said, I have noticing Apple has been cheeping out lately and lot of apps are now Boggy Ad Filled disasters.

Re:

[Freischutz]

This is one thing Apple has been very careful with vs Google. The closed gates of the Apple Store for Apps, where the posted applications have a full review before being accepted for posting. While this also means Apple misses out on a lot of really great Apps that Android users have, it also means for the most part the Apple Apps are relatively safe to run on your device. That said, I have noticing Apple has been cheeping out lately and lot of apps are now Boggy Ad Filled disasters.

A huge number of the apps in the AppStore are also free apps which is kind of asking for ads if you install them and probably malware as well, or spyware at the very least.

Re:

[tlhIngan]

A huge number of the apps in the AppStore are also free apps which is kind of asking for ads if you install them and probably malware as well, or spyware at the very least.

Except on iOS, you can't scrape much "for free" without alerting the user. You can't use a GPS app without iOS asking (and periodically re-asking) if you want to give it permission (and now, it only grants GPS information while the app is active - you have to allow it have background permission if you want the app to get location data whi

I'm confused

[NoMoreACs]

Hasn't Google said they have been scanning all Play Store App submissions for several years now.

No wonder Android is such a Malware-Fest!

Re:I'm confused [about the money]

[shanen]

Well posed question, but you forgot your question mark. You should have answered it to earn the hypothetical mod point (I never have to give). So I'll put out a bit of an answer.

The reason the app stores are Malware-Fests is because crime pays. If the google and Apple wanted to fight the malware, then they would go seriously after the scammers motivation and try to break their criminal and illegal financial models.

The most obvious way to do that would be to expose the developers' motivations. In most cases,

Re:

[NoMoreACs]

The reason the app stores are Malware-Fests is because crime pays. If the google and Apple wanted to fight the malware, then they would go seriously after the scammers motivation and try to break their criminal and illegal financial models.

Don't throw Apple into the same barrel with Google/Android when it comes to Malware. There is simply no comparison.

And question mark or not, you never answered my original question. Cute obfuscating!

Oh, and remember: You're not the only one with Mod Points...

Re:

[shanen]

Though I don't use an iPhone, I still read plenty of stories about malware from Apple's app store. The two platforms are clearly quite comparable. And insecure.

Apple also claims to be scanning all of the apps, but if such scanning was working well enough, then there would be no need for better solution approaches. If you think mine is inadequate, then what's yours?

On the last two parts of your reply, I can't tell if I write so badly or you do.

Re:

[AHuxley]

Ads are the product. Detect the ads and the cost of software will change..

Why only 3?

[AHuxley]

Why not go full Virustotal on everything and get the benefit of global skills?
Why the internal limit to so few nations expert AV staff?

ffwd

[sad_]

"Over the past few years, Android malware authors have also adopted to counteract and negate Bouncer and Play Protect scans."

on /. in a few years;

Google asks another three mobile security firms to help scan play store apps as android malware authors have also adapted to counteract and negate bouncer, play protect, eset, lookout & imperium.