Summary Google is testing a built-in malware scanner for APK downloads within Chrome on Android, adding another layer of security beyond Play Protect.

This new feature, currently in Chrome Canary, will scan APK files for malware before installation, potentially reducing reliance on Play Protect for initial checks.

While the feature isn't yet functional and its release date is unknown, its presence in Canary suggests Google is actively developing it.

Your Android device already does a lot to ensure your digital safety. You get to set app-specific permissions to ensure only relevant apps have access to location, camera, microphone, and other critical settings, regular security updates to keep you safe from new exploits and vulnerabilities, Google's Play Protect to regularly check your apps for harmful behavior, and more.

The latter not only scans apps downloaded from the Play Store to ensure they're not harmful, it also regularly checks sideloaded apps already installed on your device for malware.

Chrome on Android, relying on Play Protect, aimed to reduce the frequency of "File might be harmful" alerts for sideloaded APKs last year. The reasoning behind the change was that with Play Protect's ability to scan installed apps, Chrome didn't need to show the warning for each and every download, and it would ideally only show the warning when necessary.

Now, it looks like Chrome on Android might soon stop relying on Play Protect altogether. As highlighted by MSPowerUser (via AndroidAuthority), Google is experimenting with a built-in malware checker for Chrome.

Limited to Canary for now

Currently hidden behind a flag in Chrome Canary, the 'Malicious APK download check' feature "checks APK download on Android for malware," and can be set to Default, Enabled, Enabled Telemetry only, and Disabled. If the tool finds malware or other suspicious elements, it will warn you about it with a prompt.

According to the report, all users with Safe Browsing enabled will have the new APK download check feature enabled by default, while others would likely be able to toggle it from Chrome's Safety check or Privacy and security settings.

The feature doesn't seem to be functional yet, even on Chrome Canary, so we're not entirely certain what new UI elements might surface when scanning APKs. It is also currently uncertain when the feature might land on stable Chrome, but its inclusion within Canary clearly indicates that Google is actively working on the feature — until it lands on stable, users are advised to keep Play Protect enabled for app security.