​Google Play Protect wants to stop your Android apps from going rogue

Google is giving its anti-malware service a more prominent position in Android and it's working on a partial fix for its version fragmentation problem.
Written by Liam Tung, Contributing Writer

Google has unveiled its latest attempt at improving the security of Android apps, Google Play Protect.

Android has had a bigger malware problem than iOS, and some of that malware had managed to get into Google's own Play store. And while Google does a lot to to keep malicious Android apps outside of the Google Play store sometimes it misses them until notified by third-party malware researchers. Even though relatively few users are actually affected by Android malware, each bad app that sneaks into the Play Store creates an impression that Google isn't doing enough.

Meanwhile, users don't see that it actually has anti-malware features buried in the background, such as Verify apps, a part of Google Play Services that can scan installed apps for dangerous behavior, prevent users installing known harmful apps, and even remove malicious apps without require user action.

Google's Play Protect aims to tackle this. It is part of the Google Play app and is designed to give users greater visibility into their device security. The feature appears to a rebranding of Verify Apps but now more prominently placed in the Google Play app.

Play Protect is aided by Google's machine learning, which is trained to look for harmful apps based on scans of 50 billion apps each day. Apps are analysed before appearing on the Play Store, then Play Protect monitors apps for misbehavior once installed on the device, running automatically in the background.

Google is also making Find My Device part of Google Play Protect. This used to be called Android Device Manager and is still available as a standalone app under the new name. The app still helps users find and track a lost device, but as noted by Android Police, it got a much needed redesign, including a new icon, a friendlier interface, a new battery and Wi-Fi status indicator, and details about the last known location of the device.

The more prominent security feature coincides with a larger project at Google to fix Android's nagging version fragmentation problem. Google now counts two billion active Android devices, but just 7.1 percent run Android 7.0 Nougat some 10 months after its release. Non-Google phones usually take months or more to get the latest version of Android.

And while carriers and handset makers are often blamed, a key link in the chain to delivering these updates are chipmakers like Qualcomm, which need to customize parts of Android to support their processors.

Chipmakers are the target of a new Android project called Treble, which is "the deepest surgery we've done to Android to date", David Burke, vice president of engineering for Android, told ZDNet's sister, CNET.

Under Treble, Google is by carving out the code that chipmakers customize to help reduce friction as Android moves between players in the ecosystem.

The project aims to cut down the months it takes to get new versions of Android on to existing phones. For example, T-Mobile only today released Nougat for the Galaxy S6 edge+.

Treble won't completely solve the problem, as carriers and handset makers still need to deliver updates, but it still could result in a faster rollout for Android O.

Editorial standards