Google has announced an upgrade to its Play Protect feature in which they will be scanning Android apps in real-time for malware, making it safer for Android users who might sideload apps from time to time.
One of the dangers of sideloading apps is that you can’t always trust the source. There are many sites that host APKs that users can download and install onto their Android phones, but this is under the working assumption that the apps submitted to these sites are legit and haven’t been tampered with to hide malware.
With this upgrade to Google Play Protect, whenever a user installs an app, Play Protect will now be able to perform malware scans on a code-level to see if the app might contain any malicious code where malware could be hiding in.
Now whenever a user installs an app, they will be given an option to perform a real-time scan if it has never been scanned before, making it ideal for sideloaded apps. So if you do get this notice, it might be worth taking the extra few minutes as a safety precaution.
“Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.”
Google already has a review process for apps submitted to the Play Store that checks apps for malware and to ensure they adhere to Google’s policies. This is why it is generally recommended for users to install apps from the Play Store versus sideloading, where sometimes these apps don’t go through the same rigorous reviewing process, but as we’ve seen time and time again, sometimes bad apps can sneak through despite Google’s best efforts.
This isn’t to say that sideloaded apps are inherently bad or dangerous. There are many reasons why users might choose to sideload apps. For example, companies could develop apps that are specific to their operations that might contain confidential information, so there is no real need for it to be submitted through the Play Store.
Prior to this, the Play Protect scanning feature relied on existing information (which is how most antivirus software works) or machine learning and other methods to detect malware, but this change will perform a much deeper scan that could potentially identify malware that might have otherwise evaded detection.
Google says that this enhancement is in the process of being rolled out to all Android devices with Google Play services starting with India, but will eventually expand to all regions in the coming months.