The App Defense Alliance takes up the fight against malware

Google is enlisting the help of three mobile security companies to heighten Android defenses across its app store, Google Play.

Companies ESET, Lookout, and Zimperium, are to join Google in the new partnership, which has been referred to as the App Defense Alliance.

Members will be able to review apps before they are published by integrating their scanning technologies with Google’s Play Protect that currently scans apps for malicious code before users download them.

Play Protect also scans users' devices for malicious apps and comes alongside Google's pre-store Bouncer defense technology.

The aim of the App Defense Alliance is to remove any malicious apps before they become publicly available and streamline the process of securing the Android ecosystem.

“[The integration] will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store,” read the announcement from Google earlier this month.

Defensive partnership

Earlier this year, Google reported (PDF) that 0.04% of downloads from Google Play in 2018 were potentially malicious – a 100% year-over-year growth amounting to about 30 million potentially harmful downloads.

In October alone, Google removed 172 harmful apps from Google Play that had collectively amassed more than 330 million downloads. There are nearly three million apps on the Android market.

Each Alliance member will bring its own unique technologies to the fight against malware and discovery of security vulnerabilities.

ESET has a cloud-based repository of known malicious binaries. It also uses machine learning and what it calls “DNA detection” to spot undocumented malware and malicious behavior. In October, ESET researchers exposed 42 adware-infected apps that had been downloaded more than eight million times.

“Partnering with Google in the App Defense Alliance enables our award-winning detection technology to be used proactively by providing our determination on whether an app is malicious before being listed in the Google Play Store,” Tony Anscombe, global security evangelist and industry partnership ambassador for ESET, told The Daily Swig.

Lookout has a security cloud powered by an app telemetry system that has visibility into more than 170 million devices worldwide. This enables the company to spot malicious behavior and evolving threats that haven’t been discovered yet.

Check out the latest mobile security news and breaches

Earlier this year, Lookout researchers helped disable an Android botnet malware that persisted on thousands of devices despite having been removed from Google Play.

Zimperium’s mobile endpoint security tool uses an on-device machine learning engine to detect malicious app attacks and harmful behavior. In June, Zimperium reported severe security flaws in top banking apps, which put user data at risk.

It’s still unclear how effective the new effort will be in blocking the entrance of malicious apps into Google Play and the very fragmented Android landscape.

Just last week, security firm Kryptowire discovered 146 vulnerabilities in pre-installed apps on devices from 29 different vendors.

Android device vendors ship their own versions of the operating system and bundle them with pre-installed apps.

Firms in the Alliance will have to review thousands of new apps every day, which will require an adjustment of resources.
It’s also worth noting that the Alliance does not have visibility into alternative app stores. Google Play in China is censored, for instance.

Google Play Protect will still be able to scan those apps after installation for users who have enabled it.

YOU MIGHT ALSO LIKE 5G creates ‘SIM-jacking on steroids’ threat