Google has explained how it scans apps in the Android and Google Play Stores for malware, intending to keep users’ devices as secure as possible.
In a blog, software engineer Megan Ruthven explained that its Verify apps program “checks if there are Potentially Harmful Apps (PHAs) on your device,” adding that if a PHA is indeed found, “Verify apps warns the user and enables them to uninstall the app”.
However, a device can stop checking in with Verify apps. Although this can have a benign cause, such as the user buying a new smartphone, it can also indicate a more serious problem.
Ms Ruthven explained that when a device stops checking with Verify apps, the company considers it “Dead or Insecure (DOI)”. According to Google, an app that has “a high enough percentage of DOI devices downloading it, is considered a DOI app”.
The company then uses the “DOI metric, along with the other security systems to help determine if an app is a PHA to protect Android users”.
Ms Ruthven said: “With these factors in mind, we then focus on ‘retention’. A device is considered retained if it continues to perform periodic Verify apps security check ups after an app download.
“If it doesn’t, it’s considered potentially dead or insecure (DOI). An app’s retention rate is the percentage of all retained devices that downloaded the app in one day. Because retention is a strong indicator of device health, we work to maximise the ecosystem’s retention rate.”
Google then uses an app DOI scorer, which assumes that all apps should have a similar device retention rate. Ms Ruthven said that if an app’s retention rate is a “couple of standard deviations lower than average, the DOI scorer flags it”.
If an app has a high DOI score, Google combines it with other information to establish whether it should be considered a PHA. If it is, Verify apps is used to “remove existing installs of the app and prevent future installs of the app”.
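A simplified version of the retention and DOI-scorer logic described above, added here as an illustration; it is not Google's code. The post does not give a precise threshold or standard-deviation convention, so the 2.0 cut-off and the use of population standard deviation are assumptions, and the app names and download records are constructed sample data.

```python
from dataclasses import dataclass
from statistics import mean, pstdev

@dataclass(frozen=True)
class DownloadRecord:
    app: str
    device: str
    retained: bool  # True if the device kept doing Verify apps check-ups afterwards

def retention_rates(records):
    """Per app: share of devices that downloaded it that day and stayed retained."""
    downloads, kept = {}, {}
    for r in records:
        downloads[r.app] = downloads.get(r.app, 0) + 1
        kept[r.app] = kept.get(r.app, 0) + int(r.retained)
    return {app: kept[app] / downloads[app] for app in downloads}

def doi_scores(rates):
    """z-score of each app's retention rate against all apps (negative = below average).
    Population standard deviation is an assumption; the post does not specify."""
    values = list(rates.values())
    mu, sigma = mean(values), pstdev(values)
    if sigma == 0:  # every app retains identically: nothing stands out
        return {app: 0.0 for app in rates}
    return {app: (rate - mu) / sigma for app, rate in rates.items()}

def flag_doi_apps(records, threshold=2.0):
    """Apps whose retention is at least `threshold` standard deviations below average.
    threshold=2.0 stands in for the post's 'a couple of standard deviations'."""
    scores = doi_scores(retention_rates(records))
    return sorted(app for app, z in scores.items() if z <= -threshold)

def _sample(app, total, kept):
    # Constructed data: `total` devices downloaded `app`, `kept` of them stayed retained.
    return [DownloadRecord(app, f"{app}-dev{i}", i < kept) for i in range(total)]

# Constructed sample: seven apps with normal retention and one clear outlier.
SAMPLE_RECORDS = (
    _sample("weather", 20, 19) + _sample("notes", 20, 19) + _sample("torch", 20, 20)
    + _sample("music", 20, 19) + _sample("maps", 20, 20) + _sample("calc", 20, 19)
    + _sample("camera", 20, 20) + _sample("freecoins", 20, 8)
)

if __name__ == "__main__":
    for app, z in sorted(doi_scores(retention_rates(SAMPLE_RECORDS)).items()):
        print(f"{app:10s} z={z:+.2f}")
    print("flagged for further review:", flag_doi_apps(SAMPLE_RECORDS))
```

As the article notes, a high DOI score is only one signal: the flagged list is input to a further review combining other information, not a verdict on its own.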