Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Android Security

Android Will Now Scan Sideloaded Apps For Malware At Install Time (arstechnica.com) 41

Ron Amadeo reports via Ars Technica: To help combat the surge of sideloaded malware, Google Play can now pop up a malware scanner at install time if it decides the app you're trying to sideload is interesting. Google Play's malware system, called "Google Play Protect," has always been able to check sideloaded apps for malware, but it used faster techniques like a definition file, and this happened quietly in the background. This new technique will delay your app installation with a full-screen "scanning" interface while Google runs a deep scan of the app code. Google's blog post says this is "real-time scanning at the code-level to combat novel malicious apps" and that Google Play Protect can "recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats."

The scan will involve sending bits and pieces of the app to Google for analysis. Google says: "Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection." [...] Google is first rolling this feature out in India -- a country that topped the malware distribution charts in that 2018 report -- with the company saying the feature "will expand to all regions in the coming months."

This discussion has been archived. No new comments can be posted.

Android Will Now Scan Sideloaded Apps For Malware At Install Time

Comments Filter:
  • Comment removed based on user account deletion
    • Comment removed based on user account deletion
    • by ls671 ( 1122017 )

      All too many times play protect falsely identifies user enabling software falsely as malware. Windows defender has a similar dysfunction.

      Indeed they'll probably block most side loaded apps forcing publishers to use the app store. Pretty silly to side load install apps you don't trust anyway, even the ones from the app store. I currently have zero third party apps on my phone. I just use a web browser. I provide one side loaded app to users although although currently moving this to web based. Web based on cell phones has been able to take picture integrated to the web page for a while now and that's all we need.

      • Indeed they'll probably block most side loaded apps forcing publishers to use the app store.

        The app I sideload on Android devices is SmartTube Next. That can't be in the Play Store for obvious reasons. It's most important on televisions, not phones, but it's useful on both.

        • I've sideloaded an app on an old Android device because the version in the play store only supported Android 10+. There are several sites that offer old versions of apps for download, I just wish I had some reliable way of knowing which ones can be trusted (if any).

          I've also sideloaded an app that was only available in the US play store, for no good reason I could fathom.

    • by bartle ( 447377 )

      All too many times play protect falsely identifies user enabling software falsely as malware.

      I guarantee that will be the case. I have an Android App that I like to install on my phones even though it was removed from the Google Store years ago due to copyright issues. Recently, when I went to download the apk from my Google mail account, Google flagged the attachment as a virus and refused to allow me to download it. That experience leads me to assume that taken down apps are already flagged as viruses by Google and will likely be treated that way by all of their antiviral tools.

  • by penguinoid ( 724646 ) on Wednesday October 18, 2023 @07:55PM (#63935893) Homepage Journal

    How long until they remove the option to install software anyways?

    • Well, we just keep whining ad nauseam, such a thing can't possibly happen.

    • I'd figure pirated/cracked apps would be the next things that get flagged as malicious since that's a big developer complaint. Can't have people getting free gems/coins/gold and bypassing cooldown timers in your shitty freemium "match 3" and "tap and wait" games, now can we?

      • by DrXym ( 126579 )

        I would be extremely surprised if most cracked mobile apps didn't contain malware. I sure as hell wouldn't trust some random apk from some random apk warez site to be what it claims to be.

        • A good number of Windows cracks are flagged as malware, or at the very least PUA (Potentially Unwanted (for whom?) Application), for nothing more than using the Windows API in a non-standard way. (Patching the app in memory, or decrypting their crack at runtime.) They don't have to have malware embedded for an antivirus to flag them.
          • by tlhIngan ( 30335 )

            A good number of Windows cracks are flagged as malware, or at the very least PUA (Potentially Unwanted (for whom?) Application), for nothing more than using the Windows API in a non-standard way. (Patching the app in memory, or decrypting their crack at runtime.) They don't have to have malware embedded for an antivirus to flag them.

            But a good number of cracks are also wrapped with malware too. It's a perfect injection vector.

            If you manage to get the cracks "clean" it's one thing, but the vast majority you

          • by DrXym ( 126579 )

            I bet they're also flagged because they're doing shady shit, not just modifying an exe but also phoning home, using crypto, putting files in places nobody should be putting files etc. I personally wouldn't ever use a crack unless it was sandboxed or running in a way that limits its harm, e.g. running in WINE or a VM.

    • by AmiMoJo ( 196126 )

      Probably never, because Google has already got enough antitrust problems.

  • by hdyoung ( 5182939 )
    Infringe on my right to install malware on my device. I DEMAND the right to blindly give away control of my device to a criminal organization that will monitor me for months and then I wake up one morning with empty bank accounts. Cause thats what FREEERDUUIMMM is all about.
    • Re:How DARE you (Score:5, Insightful)

      by Mononymous ( 6156676 ) on Wednesday October 18, 2023 @09:12PM (#63935977)

      I DEMAND the right to blindly give away control of my device to a criminal organization that will monitor me for months and then I wake up one morning with empty bank accounts.

      Not to worry! You still have access to the Play Store.

    • Comment removed based on user account deletion
      • Comment removed based on user account deletion
        • ... not fake tits.

          I think the point of a "silicone-filled bag" is to imitate breast-tissue. Otherwise, in what way is "silicone-filled bag" like real breast-tissue?

          ... chronic bad self-esteem.

          Going from (Euro/US) AA cup to a B cup is the easiest way to feel normal. No amount of therapy is going to make anyone believe that being physically below-average is not a handicap. How serious that handicap is, is another matter. The obvious purpose of breasts, producing milk, may not be impacted. The real purpose of breasts, revealing she is not an 11 year-

          • Comment removed based on user account deletion
          • Yes, the common breast augmentation is making average-size breasts into above average but for a few unlucky women, augmentation is a practical answer.

            It's certainly more feasible for a woman to get fake tits than to get over the idea that she needs to have obvious breasts to be happy. Once she gets her breasts enlarged she can go from being abused by men for not having bigger boobs to being abused by men attracted by her boobs, and be unhappy for a completely different reason.

            IMO the greyest area is women who lost one breast, e.g. to cancer. I would never suggest anyone doesn't have the right to modify their body for whatever purposes they feel are adequ

  • It's sad, but I had to disable google play protect exactly for this kind of things. There is no 'I am sure I want to install this even if you detect it as malware', so you have to completely disable play protect or be unable to install some apps you might need.

  • by sinij ( 911942 ) on Thursday October 19, 2023 @07:30AM (#63936579)
    If Google scans all sideloaded apps they can also arbitrarily decide that something is a security threat, like an ad blocking application.
  • by peppepz ( 1311345 ) on Thursday October 19, 2023 @07:33AM (#63936587)
    But incidentally, Google will become the gatekeepers of what you can install or not install on your phone. And governments will be able to take advantage of that. Think about an undemocratic regime asking them to provide a list of everyone who installed a VPN app. Or preventing the installation of such an app.
  • But the Google Play store keeps serving up malware. If Google is capable of identifying malware in sideloaded apps, why aren't they capable of identifying malware on their own platforms?

    Google serving malware in their own app store:
    https://www.bleepingcomputer.c... [bleepingcomputer.com]

    Google ads serving malware.
    https://www.cshub.com/malware/... [cshub.com]

    Google's video platform serving malware.
    https://cybersecuritynews.com/... [cybersecuritynews.com]

    Simply put, Google is a malware distributor. They have demonstrated time and time again that the
  • I think we all know the aim of this. To BLOCK programs like Adguard and others. If it's blocking google ads, google isn't making any money.
  • "Starting from 1 Nov 2022, apps that don't target an API level within two years of the latest Android release won't be available to new users with devices running Android versions newer than your app's target API level. This means that new users won't be able to discover or install your app on Google Play."

    This means for example, that users of devices which have upgraded to Android 13 can't find older apps which they want/need in the Play store.

    If you do follow a link to an old app Play store will gleeful

Like punning, programming is a play on words.

Working...