Google details its malware squashing strategy

You might not know this but Android has an embedded security feature called “Verify apps” which routinely scans newly installed apps to see if they are secure or not. However, there are certain instances when Verify apps is rendered useless.

Some users, for example choose to disable this feature. Therefore, Google has had to get creative in order to continue to hunt for bugs, so it devised an intelligent workaround to this problem.

Devices with disable Verify apps are dubbed Dead of Insecure (DOI) by Google’s security team. There are other reasons why a device could be classified as DOI. For example, the phone or tablet might not be in use anymore or it houses malware which prevents Verify apps from continuing its vigil.

Google classifies devices which have seen installs for unknown sources but continue to check back in with the security system as “Retained”. The search giant then uses the percentage of retained and DOI devices after an app installation to calculate the probability of it being a malicious one.

Google says this algorithm has helped identify more than 25,000 apps as pertaining to different malware families including Ghost Push, Gooligan and Hummingbad.

Once a potentially harmful app has been identified, Google will switch Verify apps on and instruct it to clean up the mess.

Now, if you stick to downloading apps and games from the Google Play Store, you have nothing to worry about, since Verify apps is there doing its job. However, if you decide to venture out of the Play Store ecosystem, things get a little trickier, but Google is hard at work figuring out ways to keep your device malware free.