Google Play Brings Another Change With Mass App Removal In Just 5 Weeks
NurPhoto via Getty Images
Updated July 29 with new warning about spyware on the Play Store.
Google’s mission to make Android more like the iPhone in terms of security and privacy continues. But even as Google bolsters the Play Store’s defenses, a new report released this week makes clear that dangerous threats continue to slip through. The biggest change of all: Google’s mass removal of low-quality apps from the Play Store will bring many such threats, and it begins on August 31, just five weeks away.
Let’s start with the positives. Google has now confirmed through its Chrome team that it has enough confidence in the Play Store’s Play Protect to end “file may be harmful” warnings for users with Play Protect enabled who download apps from third-party stores.
ForbesDeadline to update your PC to Microsoft Windows before July 30By Zak Doffman
As Android Authority reports, this update means “[Chrome] Google will soon use the presence of Play Protect to decide whether to show the alert… While initially Play Protect only scanned new apps uploaded to Google Play by developers themselves or by users when they first sideloaded them, it was recently upgraded to perform some on-device app scans in real-time and will soon perform even deeper scans using on-device AI. Given these improvements… it’s no surprise that the Chrome team now considers the “file may be dangerous” warning unnecessary.”
But now for the negatives. Kaspersky just announced that it discovered new samples of the dangerous Mandrake spyware on the Play Store this past April, “while remaining undetectable by any other vendor.” The team discovered “new layers of obfuscation and evasion techniques” designed to evade detection by the Play Store’s defenses. And if it’s on the Play Store, that means Play Protect isn’t yet able to detect the threat coming from anywhere else.
According to Kaspersky, all of the apps containing malware “were published on Google Play in 2022 and remained available for at least a year.” These are exactly the kind of miscellaneous, low-quality apps that should be removed by Google. “According to reviews,” Kaspersky says of one of the apps, “several users noticed that the app was not working or was stealing data from their devices.”
Mandrake is a “sophisticated cyberespionage platform for Android,” which has been seen several times over the past four years. As for this latest campaign, Kaspersky says that “the latest app was updated on March 15, 2024 and removed from Google Play later that month. As of July 2024, none of the apps had been detected as malware by any vendor, according to VirusTotal.”
If the new Play Store cleanup significantly reduces the threat, as is hoped, then the focus will shift to sideloading and third-party stores where such meaningless apps will remain. And while the days of sideloading are not yet over, Google’s Play Store defenses will have expanded to protect even this Wild West as best they can.
Google Play Protect isn’t a catch-all tool, which is why so many malicious apps still end up on the Play Store. But once malware is identified, it can scan for the same malware again and again. Even if that proves harder than you might expect. And if scanning is what removes threats from the Play Store, that means Play Protect won’t necessarily have been updated. Android 15’s live monitoring for suspicious app behavior, including permissions, will need to fill that gap.
The main goal will be to get users to think of the Play Store as their one-stop shop for apps — and more, according to the latest updates. Samsung just tightened its own default restrictions on devices to keep users away from third-party stores or direct downloads, and Google clearly intends to build a better wall around the Play Store this year.
The decision to remove thousands of apps deemed to be of poor quality is primarily a matter of security and privacy. These types of meaningless apps either hide malware or are part of an attack chain that prepares a device for malware attack from another source, bypassing some of these protections.
ForbesTelegram plays with fire and gets burned – 950 million users, bewareBy Zak Doffman
Google says the apps that will be flagged for removal include those “that are static and don’t have specific features, such as apps with only text or PDF files; apps with very little content that don’t provide a compelling user experience, such as apps with only a wallpaper; and apps that are designed to do nothing or have no function. This will have a huge impact on the Play Store, and users should prepare for it.”
And while many longtime Android users don’t like the idea of Google angling its operating system toward Apple, the reality is that Apple users are significantly better protected from malware than Android users. Google is catching up.
I have contacted Google for comment on the new Mandrake report.
The days of Android’s Wild West seem well and truly over. But as Kaspersky points out, this latest Mandrake campaign “sat in the shadows for two years, while it was still available for download on Google Play.” The risk, they say, “is that tighter controls on apps before they’re released will result in more sophisticated and harder-to-detect threats infiltrating official app markets.”
.jpg)
.webp)
0 Comments