Jump to content

Google teams up with security companies to catch bad apps before they hit the Play Store


zanderthunder
 Share

Recommended Posts

zanderthunder

It’s calling the partnership the ‘App Defense Alliance’

 

acastro_180427_1777_0001.0.jpg

 

 

Google announced today that it’s teaming up with three security companies to help identify malicious apps before they’re published on the Play Store and can potentially do harm to Android users. The company is calling this partnership the App Defense Alliance.

 

Android is on over 2.5 billion devices, according to Google, and the company says that makes the platform “an attractive target” for abuse. That abuse can take the form of hidden malware or secret code designed to spy and siphon away sensitive user data. This seems to be particularly true of the Play Store — over the past year or so, Google has had to take action against multiple developers for releasing apps on the Play Store using scammy ad practices. By forming the App Defense Alliance, Google is enlisting security companies ESET, Lookout, and Zimperium to help scan for bad apps before they hit the Play Store in the first place.

 

Google already builds Google Play Protect, its malware protection service, right into Android. The company says it also uses Play Protect to scan “billions” of apps every day on the Play Store. So it seems like Google should already be catching these bad apps — but apparently, the problem is big enough that the company felt the need to bring in some reinforcements. In theory, with more companies helping scan Play Store apps, there’s a better chance you won’t accidentally download one of the bad offenders on your Android device.

 

Source: Google teams up with security companies to catch bad apps before they hit the Play Store (via The Verge)

  • Like 2
Link to comment
Share on other sites

Google enlists outside help to clean up Android’s malware mess

New App Defense Alliance tries solving longstanding Play Store malware problem.

Google enlists outside help to clean up Android’s malware mess
Ron Amadeo

Android has a bit of a malware problem. The open ecosystem's flexibility also makes it relatively easy for tainted apps to circulate on third-party app stores or malicious websites. Worse still, malware-ridden apps sneak into the official Play Store with disappointing frequency. After grappling with the issue for a decade, Google is calling in some reinforcements.

 

This week, Google announced a partnership with three antivirus firms—ESET, Lookout, and Zimperium—to create an App Defense Alliance. All three companies have done extensive Android malware research over the years, and have existing relationships with Google to report problems they find. But now they'll use their scanning and threat detection tools to evaluate new Google Play submissions before the apps go live—with the goal of catching more malware before it hits the Play Store in the first place.

 

"On the malware side we haven’t really had a way to scale as much as we’ve wanted to scale," says Dave Kleidermacher, Google's vice president of Android security and privacy. "What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have real-time response, expand the review of these apps, and apply that to making users more protected."

 

It's not often that you hear someone at Google—a company of seemingly limitless size and scope—talk about trouble operating a program at the necessary scale.

 

Each antivirus vendor in the alliance offers a different approach to scanning app files called binaries for red flags. The companies are looking for anything from trojans, adware, and ransomware to banking malware or even phishing campaigns. ESET's engine uses a cloud-based repository of known malicious binaries along with pattern analysis and other signals to assess apps. Lookout has a trove of 80 million binaries and app telemetry that it uses to extrapolate potential malicious activity. And Zimperium uses a machine learning engine to build a profile of potentially bad behavior. As a commercial product, Zimperium's scanner works on the device itself for analysis and remediation rather than relying on the cloud. For Google, the company will essentially give a rapid yes or no on whether apps need to be individually examined for malware.

 

As Tony Anscombe, ESET's industry partnerships ambassador puts it, "Being part of a project like this with the Android team allows us to actually start protecting at the source. It’s much better than trying to clean up afterwards."

 

Setting up those systems to scan new Google Play submissions wasn't conceptually difficult—everything runs through a purpose-built application programming interface. The challenge was adapting the scanners to make sure they could handle the firehose of apps that will flow through for analysis—likely many thousands per day. ESET already integrates with Google's malware-removing Chrome Cleanup tool, and has partnered with Alphabet-owned cybersecurity company Chronicle. But all of the App Defense Alliance member companies said the process to create the necessary infrastructure was extensive, and the early seeds of the alliance started more than two years ago.

 

"Google narrowed down the vendors that they wanted to engage with and everyone did a pretty elaborate proof of concept to see if there's any added benefit, and if we find more bad stuff together than either of us is able to independently," says Lookout CEO Jim Dolce. "We were sharing data over a period of a month—millions of binaries effectively. And the results were very positive."

 

It remains to be seen whether the alliance will actually catch significantly more malicious apps before they hit Google Play than the company was flagging on its own. Independent researchers have found that many Android antivirus services aren't particularly effective at catching malware. And all of the alliance members emphasize that increasing Google Play's defense will only drive malware authors to get even more creative and aggressive about distributing tainted apps through other means. (Don't forget that these companies all have malware scanners they want to sell you.) But Google's Kleidermacher emphasizes that the company is confident that the alliance will make a real difference in protecting Android users.

 

"When you’re at the massive scale that we have in these platforms, when you can get even 1 percent incremental improvement it matters," he says.

 

More companies gaining access to Google Play submissions also raises the possibility that hackers could look for vulnerabilities in the Play Store pipeline itself. But Kleidermacher notes that Google has stringent contracts with all of its vendors that cover not only the analysis load they'll handle day to day, but how they'll secure data and use the special API.

 

"We have an agreement in place and there are expectations on us as providers," says Jon Paterson, Zimperium's chief technology officer.

 

While there are no guarantees that the program will make a dent in the Google Play malware problem, it seems worth a try given that app screening and monitoring are a challenge for even the most stringent app stores, be it Google's or Apple's or dedicated government offerings. With 2.5 billion Android devices in the world—and a problem that it hasn't yet solved on its own—Google doesn't have much to lose in asking for a little help from its friends.

 

This story originally appeared on wired.com.

 

 

Source: Google enlists outside help to clean up Android’s malware mess (Ars Technica)

Link to comment
Share on other sites

zanderthunder

Only this year they decided to team up other security companies to catch Android-based malware. They should done back in 2012, instead of using in-house Google Bouncer and Play Protect app security solution which doesn't really effective.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...