Google reveals new Play Store warning for Samsung and Pixel users

Google has a serious problem. It designed Android to be the not-iPhone: more user choice, more user flexibility. A big part of that choice was opening up the device to third-party app stores. However, this turned out to be a boon for bad actors and their malware applications. And Google has been trying to close the barn door ever since.

This week’s serious warning for Android users comes courtesy of ESET, which has flagged “five Arid Viper campaigns targeting Android users”; unsurprisingly, “these campaigns delivered malware via dedicated websites from which victims could download and manually install an Android app.”


It’s also no surprise that Android 15 promises new innovations as Google’s mission to make Android more secure continues, with Live Threat Detection, an on-device artificial intelligence that monitors apps for behavioral signs that could indicate malware is at work.

“With live threat detection,” says Google, “on-device AI analyzes additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services. If suspicious behavior is detected, Google Play Protect may send the app to Google for further review and then warn the user or disable the app.”

The AridSpy Trojan detected by ESET is part of a highly targeted campaign. But that’s not the point. For anyone spending $500 to $1,000 plus on a new Samsung or Pixel with Play Protect enabled, it’s important that you heed this warning.

Google Play Protect is the best defense against Android malware. Once a threat is confirmed, the device can be protected. But in reality, there is a lag: the time between when a new app hits the store and when it is flagged as dangerous. And in this gap, users can be busy downloading, installing and getting infected.

The latest innovation, as discovered in an Android Authority APK teardown, is to force the user to enter a device PIN or complete a biometric unlock before installing a potentially suspicious new app. It could be a Play Store app that triggers the warning, or more likely an app downloaded from somewhere else.

“While browsing the Play Store,” Android Authority says, “We’ve discovered that Google is working on a way to further protect users from malicious APK files. If the Play Store is suspicious of an APK, you will now need to enter a PIN or submit a biometric verification before you can install the APK or update the app.”

The image above, the website says, is what this warning will likely look like in practice. It will appear where Google Play Protect hasn’t seen the app, or where the app has been installed from outside its ecosystem. For example, from “specialized websites from which victims can download and manually install an Android application.”


Of course, that’s not all, which is why Android remains a riskier option than the iPhone. In the past week, we’ve seen warnings about the dire state of free VPN software on the Play Store. And not long before that, we saw an even more disturbing report of more than 90 malicious apps uploaded to the Google Play store, apps that collectively racked up more than 5.5 million installs.

As always with these teardowns, there’s no guarantee when or even if this feature will be released, but let’s assume it will come given the security focus of Android 15. And when it does, it’s a wake-up call you shouldn’t ignore. When you enter that PIN or fingerprint or face scan, you’re installing something that can pose a serious risk to your device and your data. You really need to take these warnings seriously.
