Google Enlists Help to Fight Bad Android Apps

The tech giant formed an alliance with three endpoint security firms aimed at stopping malicious apps before they get to the Google Play Store.

After years of unsuccessfully battling malware and bad apps in the Google Play store and on more than 2.5 billion Android devices, Google is finally doing something about it.

The tech giant this week unveiled an alliance with three companies with specific expertise in endpoint security to help prevent the spread of malware on its broad ecosystem mobile devices.

The App Defense Alliance, unveiled in a Google blog post on Wednesday, is a partnership between Google, ESET, Lookout and Zimperium, aimed at stopping “bad apps before they reach users’ devices,” the company said.

“Fighting against bad actors in the ecosystem is a top priority for Google, but we know there are others doing great work to find and protect against attacks,” the company said in the post. “Our research partners in the mobile security world have built successful teams and technology, helping us in the fight.”

The alliance’s chief aim is to provide better security of the Google Play Store and stop malicious apps from being published at all, the company said. To do that, Google will integrate its Google Play Protect detection systems with each partner’s scanning engines to assess an app’s risk while it’s in the queue to be published.

“Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store,” according to the post.

The partners Google has chosen each specialize in endpoint security and in some cases already have experience in detecting and observing the behavior malware on Android devices. Researchers from ESET, for example—which offers antivirus and internet security–in September alone detected 172 malicious apps on the Google Play Store, with more than 330 million installations on user devices.

Lookout offers a security cloud to protect against phishing attacks and mobile risks; and Zimperium provides advanced machine learning to detect mobile and internet of things (IoT) threats.

“Working closely with our industry partners gives us an opportunity to collaborate with some truly talented researchers in our field and the detection engines they’ve built,” Google said in the post. “This is all with the goal of, together, reducing the risk of app-based malware, identifying new threats and protecting our users.”

Google has been losing the battle against malicious apps and the spread of malware on Android-based mobile devices for years. The company is constantly removing bad apps from the Google Play Store that range in capability from adware and spyware to those pretending to be legitimate apps like Instagram but which engage in malicious activity such as harvesting user credentials.

Indeed, Google’s acknowledgement that it needs help to keep up with mobile security couldn’t come at a better time, as the problem appears to be getting worse, not better. Research unveiled last month found that the number of fake apps impersonating legitimate ones is on the rise, and users can’t be counted on to vet apps before downloading them to devices.

What are the top risks to modern enterprises in the peak era of data breaches? Find out: Join expert from SpyCloud and Threatpost senior editor Tara Seals on our upcoming free Threatpost webinar, “Trends in Fortune 1000 Breach Exposure.” Click here to register.

Suggested articles