Skip to main content

Google’s virus-scanning Verify Apps feature for Android now reveals its secrets

quadrooter exploit qualcomm chips android devices flaw
Googls’ Verify Apps feature is a valuable tool against folks who mean your phone — and the data it contains — serious harm. Since the Mountain View, California-based search giant introduced it in 2012 as a part of Android version 4.2 Jelly Bean’s new security feature, Verify Apps has played an active roll in checking Android software against a growing database of malware, exploits, and other nasty viruses. But it’s done so a little too quietly for some folks’ taste, apparently. That’s why in the interest of transparency, Verify Apps will begin reporting a list of the apps it’s most recently scanned.

It’s a change first spotted by Android Police. A new version of Verify Apps shows the four applications that have been most recently scanned in a carousel menu, accessible by launching the Android Settings menu, tapping the Google option, and selecting the Security tab. Other newly exposed details include the time when the scan was completed, along with a toggle that “improves detection” by permitting Google to copy unknown apps and an option to disable Verify Apps altogether.

According to Android Police, the update is being delivered as part of a new Google Play Services, a core Android component that synchronizes contacts, provides access to privacy settings, powers location-based services, and updates Google apps. Devices with version 10.0.x of the service lack the new carousel and settings menu, but those running 10.2.x do have it. Updates to Google Play Services are distributed via the Google Play Store, Android’s app marketplace.

At the RSA security conference in San Francisco on Wednesday, Google announced that Verify Apps scans more than 750 million Android devices each day, checking as many as 6 billion apps for malware.

But that’s not all Google’s been doing to ensure Android devices remain safe and secure. The search giant has worked with 351 wireless carriers to improve the time it takes to test security patches before deploying them to users, an effort that’s resulted in a reduction of the software approval process from six to nine weeks to just a week. It’s doled out $1 million to independent security researchers, an amount that’s on track to reach $2 million next year. And it’s pursued an aggressive strategy of encryption — as of December 2016, 80 percent of Android 7.x (Nougat) users use encryption.

Adrian Ludwig, director of Android security at Google, said social engineering — attacks that fool a user into installing an app that compromises his or her device’s security — as one of the biggest challenges facing app developers today.

“People don’t want to think about security,” he told members of the press at Wednesday’s RSA conference. “They just want it to be that way.”

Editors' Recommendations