Feeds

Google readying on-device malware scanner for Android

Could block bad apps from any source

Providing a secure and efficient Helpdesk

Android malware is on the rise, but the good news is that Google isn't sitting still for it. The search giant is reportedly readying a comprehensive anti-malware system for its mobile OS that will soon be able to spot malicious apps not just in the Google Play store, but also on Android devices themselves.

According to a report by the Android Police fan site, the latest, as-yet-unreleased build of the Google Play shopping app contains code snippets that suggest links to a future onboard malware scanner.

Text strings included in the Google Play 3.9.16 APK package file include such tidbits as, "Allow Google to check all apps on this device for harmful behavior?" And, "To protect you, Google has blocked the installation of this app."

These phrases are apparently text prompts that will be offered by a forthcoming Google Play feature, identified in the new build as "App Check."

To be clear, this anti-malware feature is not yet actually included in any known build of the Google Play app. Another text string found in the new app package says, "To learn more, go to Settings > Security" – but no such settings panel exists in the 3.9.16 version.

Rather, the presence of these items is strong evidence that malware scanning is a feature that Google is currently cooking up in its labs, and which will eventually appear in some future version of its store app.

That will be good news for Android users. The Chocolate Factory already scans apps in the Google Play store for malicious behavior using a system known as Bouncer, but that hasn't prevented a number of high-profile incidents in which scammers have used rogue apps to swindle Android users out of cash and device data.

Most recently, some 1,400 people in the UK were left lighter in the pockets after they downloaded Android scam apps disguised as the latest Roxio Angry Birds game. What the rogue apps actually did was send SMS messages to premium-rate services, costing the unwitting users up to £15 each.

Part of the problem is that unlike Apple iPhones, Android phones generally allow users to install apps from sources other than the Google Play store, which can be risky. Some models require the user to explicitly enable this capability, while others ship with it switched on by default.

So far, Google's server-side Bouncer app scanning has had no way to screen apps from third-party app stores. But with anti-malware capabilities installed on the devices themselves, Android handsets and fondleslabs will be able to flag suspicious apps no matter where they come from.

For now, however, exactly how Google's on-device malware scanning will work – and how well – is strictly up to speculation.

So is when it will actually become available, although there's a good chance it might arrive with the next version of the Android OS. Rumor has it that version will be known as Android 4.2, code named "Key Lime Pie," and it could ship with an upcoming LG handset as soon as November. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.