The Shifting State of Android Security

In a Tuesday blog mail, Google outlined some Play Store security stats, an unusual move for the company that signals a larger shift inside Google.

The mail—from Dave Kleidermacher, Head of Security, and Andrew Ahn, Google Play Product Manager—portrays Google as an agile guardian. In 2022, it took downward 700,000 apps that violated Google Play'southward policies, a 70 percent increase in removals over the year before, information technology said.

By the Numbers

Having written nearly Android security for several years now, I can say it's disappointing to see how fast low-quality and even malicious apps can spread through the Play Store. Information technology wasn't unusual to get tipped off to a malicious, or at to the lowest degree dangerous, app and see that thousands of people had already downloaded it. But Google says 99 percent of apps with what it calls "calumniating content" are now snagged before they're published.

"This was possible through significant improvements in our ability to detect abusive app content and behaviors—such as impersonation, inappropriate content, or malware—through new automobile learning models and techniques," Kleidermacher and Ahn wrote.

Google labels the really bad stuff—apps that can secretly send, receive, and intercept SMS messages for fraud and other nefarious activities—as Potentially Hazardous Apps (PHAs). They human activity as Trojans, or phish victims for personal information to send back to the bad guys. In brusque, these apps are designed to do actual harm.

Here, Google is less specific virtually improvements. "While small in book, PHAs pose a threat to Android users and we invest heavily in keeping them out of the Play Shop," Kleidermacher and Ahn write in their blog mail service. "With the launch of Google Play Protect in 2022, we've reduced the rate of PHA installs past an lodge of magnitude compared to 2022."

Just Google is not merely targeting apps. In 2022, it revoked the privileges of 100,000 so-chosen "bad developers" who filled the Google Play Store with the chaff that has plagued it for years. Google says it's now more than difficult for these bad actors to create new accounts and simply republish their apps—a keen footstep toward cleaning upwards the Play Store.

Not all "bad" Play Shop apps are malicious. Most are misleading and depression quality, impersonating more than popular apps from mainstream developers and making money with aggressive advertisements. Google says it took down over 250,000 apps that impersonated a dissimilar app in 2022.

Automated Guardians

A pop (merely dubiously accurate) critique of the Play Store is that it has relied also heavily on automation to approve apps. Google, for its part, has told me before that humans were e'er involved at some level of its app approval process.

We've seen glimpses of this before. At the 2022 Google I/O conference, the company said 20,000 dedicated processors reviewed 500,000 apps a day for potential malware. The influence of machine learning and associated AI technology has only increased. A Google rep told me that the Play team is applying Machine Learning more than broadly, using it to place not but bad apps but the developer networks that create them.

Machine vision, the rep continued, is also improving the Google Play experience. The system tin place bad apps more accurately and do and then at scale. "We have much more data than before for the models railroad train on and then can better detect nuances and hidden corruption," the Google rep said. "And [automobile learning] has helped brand human reviewers be more than effective."

A Changing Tune

This news today is role of a larger shift I've seen over how Google handles Android. In the past, I'd e'er felt Android put hardware and software developers' interests ahead of consumers.

For example, information technology took years for Google to implement an Apple tree-style permissions model, where users could approve or reject specific permissions for each app. Previously, Android required you lot to have whatever the app requested if you wanted to apply it. In Android eight.0 Oreo, stricter limitations on what apps tin can do in the groundwork are intended to cyberspace users a ameliorate experience.

"The initial focus/priority for Google Play/Android was to enable developers [to] reach a large global audience and bring fast adoption of the platform," a Google representative told me. "At present that Google Play has reached disquisitional mass, nosotros've definitely shifted gears to focus on building a trusted and safe store. We want to make certain users go a high quality experience."

That's a change of melody I'yard glad to hear, and one that I hope continues.

Source: https://sea.pcmag.com/news/19357/the-shifting-state-of-android-security

Posted by: pricedres1987.blogspot.com

Share this post