X

Android now scans apps for malware after installation

Google's Verify Apps malware protection for Android is rolling out an update that will constantly monitor apps for suspicious behaviour.

Michelle Starr Science editor
Michelle Starr is CNET's science editor, and she hopes to get you as enthralled with the wonders of the universe as she is. When she's not daydreaming about flying through space, she's daydreaming about bats.
Michelle Starr
2 min read

Google's Verify Apps malware protection for Android is rolling out an update that will constantly monitor apps for suspicious behaviour.

(Credit: Google)

Google has amped up the protection from malicious apps with an update to its Verify Apps feature for Android smartphones. Previously, the feature would only perform a one-time scan on apps being installed from outside Google Play to check for malware.

The new update, announced earlier this year, takes this a step further. Now, Verify Apps will perform continual scans on running apps to make sure they're clean.

"Building on Verify apps, which already protects people when they're installing apps outside of Google Play at the time of installation, we're rolling out a new enhancement which will now continually check devices to make sure that all apps are behaving in a safe manner, even after installation," Android security engineer Rich Cannings wrote on the official Android blog.

"In the last year, the foundation of this service — Verify apps — has been used more than 4 billion times to check apps at the time of install. This enhancement will take that protection even further, using Android's powerful app scanning system developed by the Android security and Safe Browsing teams."

The app will show a warning similar to the existing Verify Apps warnings, allowing users to choose whether to keep or remove the app.

On Google Play, Google Bouncer scans for malicious apps, but users downloading apps from outside sources — such as the Amazon app store — had to rely on Verify Apps for malware protection. It does a pretty good job — in February, Android chief security engineer Adrian Ludwig revealed that less than 0.001 per cent of all Android apps evade runtime defences and cause harm — but Google wants to make its mobile operating system safe for all users.

"Even though the risk is minuscule, we're committed to making sure that the best available security protections are available to all Android users," Cannings wrote. "This includes service-based protections such as Verify apps, as well as security features within the platform itself."