Feeds

Google readying on-device malware scanner for Android

Could block bad apps from any source

Build a business case: developing custom apps

Android malware is on the rise, but the good news is that Google isn't sitting still for it. The search giant is reportedly readying a comprehensive anti-malware system for its mobile OS that will soon be able to spot malicious apps not just in the Google Play store, but also on Android devices themselves.

According to a report by the Android Police fan site, the latest, as-yet-unreleased build of the Google Play shopping app contains code snippets that suggest links to a future onboard malware scanner.

Text strings included in the Google Play 3.9.16 APK package file include such tidbits as, "Allow Google to check all apps on this device for harmful behavior?" And, "To protect you, Google has blocked the installation of this app."

These phrases are apparently text prompts that will be offered by a forthcoming Google Play feature, identified in the new build as "App Check."

To be clear, this anti-malware feature is not yet actually included in any known build of the Google Play app. Another text string found in the new app package says, "To learn more, go to Settings > Security" – but no such settings panel exists in the 3.9.16 version.

Rather, the presence of these items is strong evidence that malware scanning is a feature that Google is currently cooking up in its labs, and which will eventually appear in some future version of its store app.

That will be good news for Android users. The Chocolate Factory already scans apps in the Google Play store for malicious behavior using a system known as Bouncer, but that hasn't prevented a number of high-profile incidents in which scammers have used rogue apps to swindle Android users out of cash and device data.

Most recently, some 1,400 people in the UK were left lighter in the pockets after they downloaded Android scam apps disguised as the latest Roxio Angry Birds game. What the rogue apps actually did was send SMS messages to premium-rate services, costing the unwitting users up to £15 each.

Part of the problem is that unlike Apple iPhones, Android phones generally allow users to install apps from sources other than the Google Play store, which can be risky. Some models require the user to explicitly enable this capability, while others ship with it switched on by default.

So far, Google's server-side Bouncer app scanning has had no way to screen apps from third-party app stores. But with anti-malware capabilities installed on the devices themselves, Android handsets and fondleslabs will be able to flag suspicious apps no matter where they come from.

For now, however, exactly how Google's on-device malware scanning will work – and how well – is strictly up to speculation.

So is when it will actually become available, although there's a good chance it might arrive with the next version of the Android OS. Rumor has it that version will be known as Android 4.2, code named "Key Lime Pie," and it could ship with an upcoming LG handset as soon as November. ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.