Google in its latest, and probably the most important announcement for Google Play Store security, has informed about the creation of the App Defense Alliance. This Alliance brings the industry’s leading mobile security providers onboard with Google Play Protect. The App Defense Alliance is a collaboration between Google, ESET, Lookout, and Zimperium. The App Defense Alliance was created to ensure the safety of the Google Play Store. Google and its partners aim to quickly find Potentially Harmful Applications (PHAs)
and take the appropriate action to protect users.
Google Play Store which was first introduced as Android Market, is designed on the lines of Apple’s App Store. The Play Store has a wide range of offerings – games, apps, books, music, TV shows, movies and much more at your fingertips. But this is only the icing on the cake; Google Play Protect is the cherry on top.
Google Play Protect is Google’s built-in malware protection which scans and verifies billions of downloaded apps every day. It helps keep your Android device(s) secure by running safety checks on Google Play Store apps before you download them, and raises an alert if any PHA is found. This ensures that PHAs are stopped even before they make it to the Google Play Store.
This alliance is going to be a give and take relationship. The App Defense Alliance partners can send a request to the Google Play Protect scanner service for analyzing it. The scanner service then sends back the scan results directly to the partner. But as we mentioned it’s two-way traffic. Google Play Protect scanners can also send requests to partner’s scanner services and receive results from their scan engines. This helps in creating an advanced app security and risk mitigation. Based on the combined scan results it can further be decided whether a certain app can be published on Google Play Store or not.
In Google’s Security Blog, Dave Kleidermacher, VP, Android Security & Privacy said, “Our number one goal as partners is to ensure the safety of the Google Play Store, quickly finding potentially harmful applications and stopping them from being published.
As part of this Alliance, we are integrating our Google Play Protect detection systems with each partner’s scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.”
Speaking about the partners involved in the App Defense Alliance, he further adds, “All of our partners work in the world of endpoint protection and offer specific products to protect mobile devices and the mobile ecosystem. Like Google Play Protect, our partners’ technologies use a combination of machine learning and static/dynamic analysis to detect abusive behavior. Multiple heuristic engines working in concert will increase our efficiency in identifying potentially harmful apps.
We hand-picked these partners based on their successes in finding potential threats and their dedication to improving the ecosystem. These partners are regularly recognized in analyst reports for their work.
Knowledge sharing and industry collaboration are important aspects in securing the world from attacks. We believe working together is the ultimate way we will get ahead of bad actors. We’re excited to work with these partners to arm the Google Play Store against bad apps.”