Malicious Android apps are becoming an issue. It seems like once a week I read a story about a new random app that steals personal info from an Android mobile device. Google is aware of this and in an attempt to keep Android safe and protect their own reputation, have started a project to both protect Android devices and stop malicious apps or “malware” from getting posted in the Google Play Market Place.

I consider myself a pretty big Android fan but clearly I am not as fanatical as some recent developers who spend their free time looking into the source code of the new and not yet released Google Play app.

These Developers have spotted text strings in the latest release of the source code inside the Google Play app that indicate that Google is making a built-in anti-malware scanner, tentatively identified as “App Check”, for its Google Play store and for Android devices. It appears that the app will do a few things: it will scan the Google Play store for malicious apps and scan new apps when uploaded to the store to prevent these apps from appearing in the Google Play Market Place. Additionally “App Check” will be installed as part of the Google Play app used for shopping, browsing etc. and will include new functionality to prevent Android devices from downloading or installing malicious apps or “malware”. The app will also find and block these apps if already installed, regardless of the source.

Android devices are capable of downloading apps from third-party sources, a process known as side-loading, in addition to downloading from the Google Play store. The Google Play store implements a security system called Bouncer that does a decent job of detecting malware, but there is no way to tell whether apps from third-party sources are safe or not. It appears that the new malware scanner will be able to scan everything that is downloaded, regardless of source, reducing the risk of accidentally downloading malware.

This feature will likely be implemented sometime in the near future, and many are guessing it will part of the 4.2 “Key Lime Pie” release of Android.

I am impressed that Google is addressing the issue and hopeful that it will help improve Android security. I would also point out that Google is not an anti-malware company so organizations should still consider the need for managing their mobile devices through an MDM or Mobile App Management program.

I work for ContentWatch and all opinions expressed here are my own.