Google has integrated a special feature called Verify Apps within Android. It conducts malware scans on newly downloaded apps to make sure that they are free from viruses and that the device is safe. But some malicious apps cause this feature to malfunction or even make it completely ineffective.
Thus, the company has been looking for an alternative way to find out whether a phone stopped using Verify because it could no longer be used or because of a virus that has infected the device. Interestingly, Google has worked out methods to detect whether a particular app is harmful even in the absence of Verify. In a blog post on Android Developers, the search engine giant said:
To understand this problem more deeply, the Android Security team correlates app install attempts and Dead or Insecure (DOI) devices.
The team then marks the devices that stopped checking in with Verify as DOI and those devices which continue to use the feature as retained. The security team uses a unique formula to calculate the percentage of all retained devices that downloaded the app in one day. The formula is:
$$Z = \frac{x - \mu}{\sigma} = \frac{x - pN}{\sqrt{Np(1-p)}}$$
where
N = Number of devices that downloaded the app.
x = Number of retained devices that downloaded the app.
p = Probability that a device downloading any app will be retained.
Z = The DOI score.
If the DOI score falls below -3.7, it means that a large number of phones or tablets stopped checking with Verify as soon as they installed this app. Google then carefully inspects the application before removing existing installs and preventing future downloads. It added that this method is very efficient and has helped it uncover a lot of apps loaded with Hummingbad, Ghost Push, and Gooligan malware.
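The score and the -3.7 cutoff described above, worked through as an added Python example that is not Google's code. The app names and counts are constructed, and the pooled estimate of p and the `min_installs` guard are assumptions the article does not describe:

```python
import math

DOI_THRESHOLD = -3.7  # cutoff stated in the article

def doi_score(n, x, p):
    """Z = (x - p*N) / sqrt(N*p*(1-p)), or None when sigma would be zero."""
    if n <= 0 or not 0.0 < p < 1.0:
        return None
    if not 0 <= x <= n:
        raise ValueError("retained count x must satisfy 0 <= x <= N")
    return (x - p * n) / math.sqrt(n * p * (1.0 - p))

def pooled_retention(installs):
    """Assumed estimator for p: retained installs / all installs, over every app."""
    total = sum(n for n, _ in installs.values())
    retained = sum(x for _, x in installs.values())
    return retained / total if total else None

def flag_apps(installs, p=None, min_installs=100):
    """Return {app: Z} for apps scoring below DOI_THRESHOLD.

    min_installs is an assumed guard: with few installs the normal
    approximation behind Z is poor, and a handful of devices going
    quiet produces an extreme score.
    """
    if p is None:
        p = pooled_retention(installs)
    if p is None:
        return {}
    flagged = {}
    for app, (n, x) in installs.items():
        if n < min_installs:
            continue
        z = doi_score(n, x, p)
        if z is not None and z < DOI_THRESHOLD:
            flagged[app] = round(z, 2)
    return flagged

# Constructed sample: app -> (N devices that installed, x of them retained)
SAMPLE = {
    "com.example.flashlight": (20000, 19010),
    "com.example.notes": (5000, 4760),
    "com.example.cleaner": (3000, 2600),  # retention far below expectation
    "com.example.tiny": (12, 6),          # too few installs to score reliably
}

if __name__ == "__main__":
    for app, z in flag_apps(SAMPLE, p=0.95).items():
        print(f"{app}: Z = {z} -> queue for inspection")
```

With `min_installs=1` the 12-install app is flagged as well, which shows why a score built on so few devices should not be acted on by itself.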
The best practices for distinguishing secure Android apps from infected ones are still emerging, but as a precaution, users should be careful with the apps they download, especially those from outside the known and trusted marketplaces. And if you remain careful, you can certainly bank on Google to come up with an updated verification and security procedure.