New Android Feature: Real-Time App Scanning To Combat Malicious Sideloaded Apps


Google has unveiled a new feature for Android’s built-in security engine, Google Play Protect. The latest addition to this security tool is real-time app scanning, which analyzes an app’s code and prevents its installation if it is deemed potentially harmful. This development aims to address the issue of malicious or fake sideloaded apps that are downloaded from sources outside of the official app store.

Key Takeaway

Google’s introduction of real-time app scanning within Play Protect is a significant step towards combating malicious sideloaded apps. By analyzing an app’s code in real time, this feature acts as a crucial last line of defense, protecting billions of Android users from potential security and privacy risks. While the scanning capabilities will continue to evolve and improve, this development demonstrates Google’s commitment to enhancing the safety of the Android ecosystem.

Real-Time App Scanning: A Game-changer

In October, Google announced the integration of real-time app scanning into Google Play Protect. This feature comes as a crucial defense against sideloaded apps that employ various techniques to evade detection, such as altering their appearance or using artificial intelligence to modify their code.

With the new update, any app that has never undergone a scan before is recommended for a real-time analysis. This involves a thorough examination of the code, during which “important signals” are extracted and sent to the Play Protect backend infrastructure for evaluation.

The Rising Need for Enhanced Security Measures

The vast Android app store hosts billions of applications that Google screens for malware. However, sideloading remains a popular option for many Android users who decide to bypass the official app store. Unfortunately, this practice carries risks as it requires users to place their trust in the apps they install.

This update from Google primarily aims to counter the proliferation of predatory loan apps, which have caused distress to users, leading to tragic consequences in some instances. Cybercriminals behind these apps access sensitive user data, including contacts and photos, to harass and intimidate their victims. To address this issue, Google has implemented stricter policies and removed over 3,500 predatory loan apps in the past year alone. Nevertheless, attackers continue to find ways to target unsuspecting individuals.

In a recent statement, Saikat Mitra, Google’s head of trust and safety for APAC, emphasized the importance of additional measures to stay ahead of these bad actors: “Our policies are making it tougher for predatory apps to be listed on the Play Store. But the bad actors are inventive, and they are finding new ways to trick people, and that is why we take additional measures.”

The Testing Process

Google initially launched the Play Protect update in India and plans to expand it internationally soon. To evaluate the effectiveness of the feature, we conducted our own testing using a Pixel 7a phone with a fresh installation of Android 14 and the updated Google Play Store featuring real-time code-level scanning.

We attempted to install over 30 different malicious apps ranging from stalkerware and spyware to predatory loan apps and fake replicas of popular apps. The results were impressive, with Google Play Protect successfully blocking most of the malicious apps. These were accompanied by warnings such as “Apps from unknown developers can sometimes be unsafe” and “This app tries to spy on your personal data.” However, a few predatory loan apps managed to bypass the protection.

The Scope of Play Protect

Google’s Play Protect update not only addresses spyware and stalkerware but also targets predatory loan apps disguised as legitimate Android apps. By uploading the contact lists of devices, these loan apps enable loan agents to send threatening messages and make intimidating phone calls to a victim’s contacts. While the majority of these predatory loan apps were prevented from installation, a few managed to slip through the scanning process.

In addition, we tested the protection provided against fake versions of popular apps listed on Google Play. Although imitation apps with similar names and designs were successfully installed, their purpose remains unclear.

Leave a Reply

Your email address will not be published. Required fields are marked *