27
Feb
shield

Android malware isn't as big of a concern as some mainstream media reports would have you believe, but it is enough of an issue that Google started beefing up its security a few years ago. There's the "Bouncer" server-side scanning that checks apps before they go live, and your device runs app verification as new packages are installed. Now Google is about to patch a hole in the local app scanning by making it run continuously.

Verify apps

This change in app verification is going to hit virtually all Android devices by way of a Play Services update in the near future. The current behavior is to scan new apps and compare them to known examples of malicious code. If something is amiss, Android will alert you. After the Play Services update your device will do the same thing, but all the time.

The reason for scanning apps after they are installed is twofold. First, an app might be carrying a type of malware that isn't known when you install it, but is identified later. A seemingly innocuous app could also download malicious code through some external mechanism. Having app verification running in the background solves those issues. You might not even notice anything different, but you'll technically be safer.

[ComputerWorld, +Adrian Ludwig]

Ryan Whitwam
Ryan is a tech/science writer, skeptic, lover of all things electronic, and Android fan. In his spare time he reads golden-age sci-fi and sleeps, but rarely at the same time. His wife tolerates him as few would.

He's the author of a sci-fi novel called The Crooked City, which is available on Amazon and Google Play. http://goo.gl/WQIXBM

  • Bluewall

    Well, I guess it's an excellent move here !
    Also, Inb4 "IT'S KILLING MY BATTERY" post.

    • Dominic Powell

      hopefully it only kicks in when charging and on wifi... or there is a way to choose when it activates (say at 3 am in the morning or something.

      • Nick

        I'd be fine with that. Power to Give only runs when my battery is on wifi, 90%+, and only when it's charging and it not harmed my charging process/battery at all.

      • http://galaxynote3tips.blogspot.com/ Martens Nkem

        the power drainage is my major concern too, and i do hope their is an option to only allow this background check while the devices is charging and connected to a WiFi network

      • blackk

        I think battery impact will be negligible. It'll get a list of installed packages, upload them to Google, then get the result back. Should take a few secs. If it does this every 1 hr, that's still very good.

    • ddpacino

      ...Inb4 all the privacy concerns, "Why are they actively scanning my device? Stealing more personal data... I wan't it OFF!"

      • Michael Benesch

        You have something to hide?

        • http://twitter.com/anishbhalerao Anish Bhalerao

          Even if he doesn't have anything to hide does not mean he can be strip-searched 20 times a day. Would YOU like it if every 2 hours, the Police (the Android Police! :D) turned up at your house and searched every nook and corner of it, and if you reasoned, they say "Why? Do you have something to hide?"
          Argument invalid.

          There needs to be an option to turn this off, or keep it active during charging or at 3 am in the night or whatever!

          • Mkvarner

            If Androidpolice showed up, of course! :)

          • Michael Benesch

            As long as they aren't rude about it, I wouldn't mind, I might even cook some food for them as well :)

        • highdiver_2000

          Prawn, in different shapes, sizes and color

        • AK

          You might want to try hiding your stupidity.

          • Michael Benesch

            Stupidity is part of humanity, no matter how much your mind, manifested as your ego, tries to defend itself. Humanity only knows an estimated 4% of all information in the universe, we're pretty stupid. Oh and I hope you have a wonderful day btw :)

        • outdoorlife

          What an idiotic thing to say. You, and people who "think" like you are what is wrong with the world today.

          • Michael Benesch

            I assure you reading a couple of my comments on AP does not make you qualified to speak about my thought process, intelligence, or lifestyle. I simply choose not to live in fear of the future or unknown. If I can do something to prevent bad things from happening (such as poloce searches) I will do them, but if they happen outside of my control I'll make due and deal with it, as it only has power in your life if you let it get to you. Also, it seems like people have lost the meaning of a discussion board, not to hurl insults at each other, but to openly discuss either similar or conflicting views. Posting about the writer of a comment when you obviously know nothing about who they are is ignorant.

    • Adrian Meredith

      i would imagine it kicks in when you launch the app, therefore it wont drain the battery

    • mikeym0p

      I was just going to say, it's good and all but I hope they make their yet ANOTHER service pleasant on the battery.

  • Tomáš Petrík

    Nice!

  • Guestman

    I wonder what the impact on RAM and battery life would be.

    • ddpacino

      I'm positive it will be quite minimal

    • David Hart

      probably much less than leaving gmail sync on

  • เกรียนเทพ ดี อันลิมิเตด

    I have no problem to let this run on my device. I always buy apps. There's no pirate app on my device or something bad except YouMate YouTube Downloader. I am worrying about just one thing, will it effect my battery life if it has to run in the background all the time?

    • abobobilly

      Shit i was going to report your post just by reading your name -.- ... thats when i read the 'content' which weren't mentioning about any "my brother's wife made XYZ amount of money".

    • Mike Reid

      Google doesn't care much about piracy, if that's what you think. This won't scan for pirated apps, though it might help detect bad apps that are pirate copies of good apps.

      Easier piracy on Android is a "feature" that helps make it the leading OS.

      Re the article, I think "app verification running in the background solves those issues" should say "... HELPS solve...". There is no magic bullet in detecting badware.

  • Christofftofferson

    Sounds good to me

  • Grahaman27

    As long as it can be disabled, that's neat I guess.

  • osm0sis

    Hopefully this doesn't break root or Xposed, which do use injection.

    • Francisco Franco

      Break all the things!

    • Matthew Fry

      If it does, I suspect there will be an "Xposed verification disabler" module popping up very quickly.

  • Stanley Chan

    U can dream of... I do not agree at all!

    This will spy our devices and block our root apps. This is what will happen!

    • ElTimo

      I just tried for five minutes to argue with you, but then I realized that you probably couldn't comprehend most of the words and stopped.

  • brkshr

    Disagree... I've done just fine without this feature running in the background and just fine without this feature at all. I'll pass.

  • http://robert.aitchison.org raitchison

    The battery thing is a real concern. As it is Google Play services is usually the biggest or second biggest battery user on my phone.

    • Tim242

      Google Play Services rarely ever shows up in my list.

  • Christopher Robert

    well there goes about 3% of your battery per hour. never had any problems with Android Malware, would rather have this be an optional feature. or at least be able to disable it.

    • godutch

      They could scan only when charging and from the screenshot it's an opt-in

    • Daire O Connor

      Oh good. You know exactly how much battery usage this process will take which means obviously your a Google Developer working on this project. Enlighten me with your insider information and the exact details of how this process will work. Or you could stop spouting shit and wait to see the actual effects this will have.

      • Tim242

        Study this screenshot.

        • http://the-jade-domain.com Jaime J. Denizard

          I think I love you.

          • Tim242

            Haha here's another one I keep at my disposal.

          • http://the-jade-domain.com Jaime J. Denizard

            lol thanks for this. I would post this image on my Facebook like I did the other one, but I'm actually guilty of (unconsciously!) doing this from time to time. :

          • Tim242

            Hey, at least you are able to lightheartedly admit it. I think I love you too haha

          • Matthew Fry

            I'm a fan of 'I'd've,' 'you'd've,' 'we'd've,' and 'they'd've.' And don't forget about 'shouldn't've,' 'couldn't've,' and 'wouldn't've.'

      • Christopher Robert

        Just making an educated guess. Considering it currently eats about 2% of my battery per hour. The best case scenario would be 3%. It obvious it is going to eat more battery. It is going to be constantly scanning your device and sending information back to Google. Thanks for being a dick though.

  • Kamal Muradov

    I've always had this turned off and I've never faced any malware issues. So for the people who are so worried about their battery, just turn it off.

  • deltatux

    Great feature to have, but am concerned about battery drainage as everyone has stated here...

  • http://www.bordersweather.co.uk/ Andy J

    I think the people worried about battery life might be confusing this with a traditional virus scanner, I would expect the "service" runs in the background all the time, much like almost every app on our devices, but will actually only actively do something when an app is launched, I also doubt it will scan EVERY app EVERY time is launched, it would make more sense to scan each app that is launched once a day.

  • Tim242

    I'm glad this can be disabled. I do not need anything running in the background constantly verifying apps.

  • Nex Unit

    (Sight).... and yet ANOTHER wakelcok to filter out on Google Play Services (using Wakelock Detector & Exposed)

    • http://the-jade-domain.com Jaime J. Denizard

      As soon as I saw your comment I went looking for said "Wakelock Detector & Exposed" app. It took me an embarrassing 15 seconds to realize you were referring to the Wakelock Detector app and Xposed. *ashamed*

  • Simon Belmont

    I'm pretty sure Google will not have it just constantly scanning apps all willy-nilly in the background and draining battery life and using up precious CPU cycles. It'll probably have some sort of smart algorithm and/or scan when the charger is connected or after a new app is launched.

    I am actually for this if it provides another layer of security (though I've never had a malicious app on my devices in 5+ years of using Android), but honestly, the best security is to just use common sense when installing apps, download from reputable sources, and read reviews. There's no replacement for common sense.