Google’s Android security bouncer is packing on some extra pounds for the spring.
Earlier this week, Android users were rocked when they discovered a hot new app that had rocketed to the top of the Google Play charts was a total fake. The app—Virus Shield—promised security protection for apps that users had downloaded on their Android devices. The problem? Virus Shield didn’t actually do anything. It was a paid app ($3.99) that didn’t do what it claimed to do. Google has since pulled it from the Google Play store.
Android users have a natural—if not totally justified—fear for the security of the apps they download on their devices. In the wake of the NSA’s spying scandal, reports of poor security on Android and more recently Heartbleed, Internet users have developed a semi-rational paranoia about whether or not apps and websites do exactly what they say they do.
To reassure Android users that security is still a primary focus at Google, the company today announced a new update to its “Verify Apps” program that continuously scans apps both on Google Play and on users devices to ensure they’re behaving in the way they are supposed to, even after the app has already been downloaded.
The benefits of continual security monitoring are obvious. Apps sometimes change permissions (like the ability to read your messages, access your calendar, etc.) with new updates or request permissions they don’t necessarily need. Continuous app scanning from Google’s Android Verify Apps program should keep users safe by providing a check on apps that are behaving badly.
That being said, Verify Apps will not protect users from apps that still do what they promise to do, but use the information for nefarious purposes or fail to secure users’ information properly.
Verify Apps is the extension and maturation of Google’s Android “bouncer” program that was released in February 2012. Bouncer scans every app in Google Play against a list of known malware bugs and vulnerabilities, so if an app is flagged as malicious, a user will be warned not to install the app, or else Google will block the installation itself.
The Verify Apps feature is automatically enabled for any Android users running version 4.2 Jelly Bean or higher, and can be accessed in the security settings of Android devices.
Google claims that Verify Apps, in the last year, has been used 4 billion times to scan apps at the time of install. According to the company, only 0.18% of installations result in warnings for users; despite how Google presents those figures, however, that’s still 7.2 million warnings. The Android maker would probably like those numbers to drop, but considering Android’s continued global expansion, the company will likely need to reassess its security measures to ensure the ecosystem stays open but also safe.