Home GoAndroid Google Flagged 25,000 Apps as Malware & Reveals Technique Used

Google Flagged 25,000 Apps as Malware & Reveals Technique Used

Jan 19, 2017

Android devices are known to being more vulnerable to malware and other harmful apps because it runs on an open system. Even though Google is more susceptible to malware, the company recently said that over 25,000 apps have been flagged due to malware. Google then went on to talk about a scoring system, which is important in removing flagged apps as malware before it hits your Android device.

Google Scoring System Helps Rid Android of Malware

The scoring system Google is talking about is dubbed Dead or Insecure, also known as DOI for short. This scoring system allows for Google to get rid of apps that spread various malware like Gooligan, Hummingbird, and Ghost Push. Basically, the Dead or Insecure scoring system will flag these apps before they get bigger and spread to other apps or Android devices. Google is finally talking about how this scoring system works, and how it connected with the Verify Apps scanner to ensure safety of apps going into the Android community.

If you have never heard of Verify Apps before, it is the feature that is on Android devices that runs regularly to check for harmful apps or activity. Verify Apps will run and if something is found, it will alert the user so that the user can uninstall the app before anything bad or malicious happens. Some devices however, end up not checking in with Verify Apps, and sometimes this is not a bad thing, although other times it could mean the device contains malware. Once that device stops checking in with Verify Apps, it is considered by Google to be Dead or Insecure. You then look at the apps and downloads, and then check which apps are being downloaded the most on these Dead or Insecure devices. There are various scoring systems that are used to determine whether or not that app is a danger to Android users.

The issue is that these types of malware, such as Gooligan, are known to deactivate the Verify Apps feature. This is one of the default features on Android devices so Google will know if something is wrong when that feature is disabled. If an app is downloaded and Verify Apps is still happening, then the app is good and the device is retained. If the Verify Apps features stop working after an app is downloaded, then that is when the Android device is considered Dead or Insecure. The retention rate of the app is when Google looks at all of the Android devices that have downloaded that app in a day, and if the retention rate is high then the app and device are okay.

There is a Dead or Insecure score that is used to check the retention rates. If the retention rate is even just two points lower than the deviation, that app is flagged. If the score is lower than even the deviation, among other factors, then that app is determined to be harmful and Verify Apps will quickly get rid of the app. That app also will not be allowed to download again on that Android device. This is how Google has found Hummingbird, Gooligan, and Ghost Push malware on Android through the Google Play Store and other sources.

The good thing is that this feature allows Google to get to the apps before they can harm a lot of Android devices. A lot of these apps undergo manual reviews after being flagged, which helps just in case there is a legitimate reason why the app is flagged. For people running Android devices, they should be happy to know that Google has already caught over 25,000 apps that were malicious in nature because this helps keep the open source of Android safe. This also helps other developers because they do not have to worry about their app being removed for no reason because Google does to research and use multiple tools in order to verify whether or not the app is good or bad. This is the first time that Google has really talked about the process that it uses in order to flag apps and keep Android devices safe, so people running Android should be happy Google is finally releasing those details in order to inform consumers.