Google has partnered with mobile security companies EST, Lookout, and Zimperium to help identify malicious apps before they are published on the Play Store. The companies have created App Defence Alliance; it will allow the three partners to integrate Google Play Protect detection into their own scanning engines which will add an extra layer of protection for all the apps that are queued to get published, Google said.
How is this different from Google Play protect? While Google Play Protect scans the Play Store and highlights malicious apps, the App Defense Alliance scans apps before they are listed on the Play Store. This protects the users from downloading any such apps accidentally.
Google’s problems with fake apps: The Google Play Store had over 2,000 fake apps as of June, according to a cybersecurity study by the University of Sydney and Data61-CSIRO. These fake apps were duplicates of popular games such as Temple Run, Free Flow, and Hill Climb Racing, and many of them contained malware and requested dangerous data access permissions. The study had advised users to perform the following checks before downloading apps to avoid being hacked:
- Do the homework: Find out which platforms and countries the new app has been officially released in, as hackers may target those platforms and countries where these popular apps are yet to be released.
- Be mindful of cross-market counterfeits: Check if an app has been released on both Android and iOS as hackers sometimes release fake versions of popular apps that are only available on one of the platforms.
- Read the app description: Read the app description and check the available metadata, such as the developer information, number of downloads, release date and user reviews before any installation.
- Stick to official app stores: Don’t install apps from non-official app stores or by searching online.
- Carefully check the permissions requested
- Regularly update the operating system and remove unused apps
In February, Google had removed 28 fake apps from the Play Store after security firm QuickHeal had said that the apps did not have any legitimate functionality related to the app name. Apps such as Credit Card Process and Home Loan Advisor appeared to be genuine, but did not function after it was downloaded and opened.