Mobile users can mitigate the risk of falling prey to malware by only downloading apps from reputable app stores. The Play Store is one of them, and it is the largest around for Android, though the risk is not by any means non-existent. Google realizes this, and has forged an App Defense Appliance with ESET, Lookout, and Zimperium.
Part of the ongoing problem with the Play Store is its sheer size makes it an attractive target for miscreants, as well as the number of Android devices in the wild. According to Google, the Android ecosystem consists of more than 2.5 billion devices, most with access to the Play Store.
This has led to a proliferation of malware in the Play Store, as we have reported on numerous occasions. In June, for example, a study found the Play Store was host to thousands of counterfeit Android apps laden with malware, with Temple Run being one of the most frequently counterfeited apps.
Enter the App Defense Appliance.
"Our number one goal as partners is to ensure the safety of the Google Play Store, quickly finding potentially harmful applications and stopping them from being published," Google says.
"As part of this Alliance, we are integrating our Google Play Protect detection systems with each partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store," Google adds.
Each of the other members Google has partnered with are security outfits that work in the world of endpoint protection. They each also offer specific products to protect mobile devices. In essence, Google is admitting it needs help to stay ahead of the bad guys.
"We hand-picked these partners based on their successes in finding potential threats and their dedication to improving the ecosystem. These partners are regularly recognized in analyst reports for their work," Google says.
Those same security firms that have partnered with Google already seek out and report security threats targeting Android. However, Google says the processes are manual and not designed for scale. This is where the App Defense Alliance should prove helpful.
As explained by Google, the App Defense Alliance opens up secure, two-way communication between the company its partners. This will enable ESET, Lookout, and Zimperium to share threat information with Google as soon as samples are discovered. In theory, this should result in Play Store malware being ejected much faster than before.
How it plays out remains to be seen, but it's at least nice to see Google making a bigger effort to make the Play Store safer.