Google is updating Android’s Play Protect malware protection system to help it detect malicious apps that change their identifiable characteristics to avoid detection, the company announced. “This improvement will help better protect users against malicious polymorphic applications that leverage various methods, such as AI, to be altered and avoid detection,” reads Google’s blog post.
The update follows an increase in so-called “polymorphic malware,” which is harder for Google’s existing systems to detect. Now, in addition to comparing newly installed apps to existing scanning intelligence and using techniques like on-device machine learning, Play Protect will also recommend a real-time app scan when installing apps that haven’t been scanned before. After a code-level evaluation, Google will notify the user to tell them whether an app appears safe or potentially harmful.
“This enhancement will help better protect users against malicious polymorphic applications that leverage various methods, such as AI, to be altered to avoid detection.”
Despite the protections, researchers continue to sound the alarm about Android malware discoveries. beepcomputer has reported about several to hack bells in recent months, which often distribute malware disguised as legitimate applications such as YouTube or Chrome, software to which users are likely more willing to grant wide-ranging system permissions. Google’s blog post notes that links to malicious app downloads are often shared through “ephemeral sources” such as messaging apps.
The new scanning feature has already started rolling out in “select countries, starting with India,” Google’s post notes, and will be available in all regions in the coming months.