Google intends to release a future update to its Google Play Store that will provide client-side protection from malware present in malicious applications. This malware scanner will analyze an application when a user attempts to install it on an Android device. If there is a known strain of malware present in the application, the user will be notified about the same and the installation process will be stopped.
The APK for this malware scanner was studied by a research team at Android Police and this is a welcome step in the right direction for the security of Android users. The APK contains an initiative known as ‘App Check‘. This initiative scans all previously downloaded applications on a device and warns the user about any recognized threats, if found. Apart from this, the core protection feature of the APK actively scans for malware as an application is being installed.
Google currently employs the use of Bouncer to study various applications in the Google Play Store. However, this is a server-side protector and it does not provide protection against an application that is already installed on a device, or is in the process of being installed. Once the speculated client-side process is initiated, an Android user will enjoy enhanced protection from the many security hazards of the platform.
While this is a notable step by Google, it is one that may not make much difference. That is because most malware that spreads through malicious apps, does not reach a device through the Google Play Store. Rather, it reaches the device through third-party sources and unofficial Android markets. The process of installing apps from unofficial sources is known as ‘Sideloading‘ and this feature can be turned ON/OFF by the user at any time. It is still unknown whether this initiative from Google will scan applications that are installed through such sources.
This makes it imperative to install effective mobile phone security software on any Android device. Malicious apps are one of the most potent threats to this platform and the ability to install apps from any source makes the OS even more vulnerable. In-built security features from Google are a helpful addition, but one must not underestimate the need for a mobile security suite to complement this.