Google Changes How it Analyzes Misbehaving Mobile Apps

Google has a new machine-learning algorithm it uses to compare new apps to known secure apps, improving the way it classifies submissions to Google Play.

Mobile apps in the Google Play store are categorized by their purpose, i.e., productivity or games. But there is a science to how apps are arranged, in particular around security and privacy features, and especially in holding back those apps whose behaviors pose a risk to mobile users.

Google on Wednesday shared some details on a new machine-learning algorithm it developed and has applied to better weed out apps that could threaten data stored on a device or the privacy of an individual.

The technology, Peer Group Analysis, ferrets out risky apps by comparing new submissions to Google Play to apps already deemed safe based on a number of relevant characteristics.

“To protect our users and help developers navigate this complex environment, Google analyzes privacy and security signals for each app in Google Play. We then compare that app to other apps with similar features, known as functional peers,” members of the Google Security and Privacy teams wrote. “Creating peer groups allows us to calibrate our estimates of users’ expectations and set adequate boundaries of behaviors that may be considered unsafe or intrusive.”

Among the most common risk to users in the Android ecosystem are mobile apps that seek more permissions than required to function as promised. Google said its new algorithm eliminates the rigidity posed by the old means of classification by category, and helps better find these types of misbehaving apps, especially those that are benign at the start and updated once they’ve sailed through Google’s security scanners.

“Our approach uses deep learning of vector embeddings to identify peer groups of apps with similar functionality, using app metadata, such as text descriptions, and user metrics, such as installs,” Google said. “Then peer groups are used to identify anomalous, potentially harmful signals related to privacy and security, from each app’s requested permissions and its observed behaviors.”

Earlier this year, Google published its classification for harmful apps and explained how its Verify Apps service uses this taxonomy to trigger alerts to the user if a malicious app is about to be installed. Google Play uses the classification in its analysis of apps as they’re submitted by developers.

The classification is extensive, and ranges from backdoors, to downloaders, to apps that commit call and toll fraud, to rooting apps.

“The correlation between different peer groups and their security signals helps different teams at Google decide which apps to promote and determine which apps deserve a more careful look by our security and privacy experts,” Google said. “We also use the result to help app developers improve the privacy and security of their apps.”

Suggested articles