Linked by Thom Holwerda on Thu 10th Apr 2014 19:56 UTC
Google

Building on Verify apps, which already protects people when they're installing apps outside of Google Play at the time of installation, we're rolling out a new enhancement which will now continually check devices to make sure that all apps are behaving in a safe manner, even after installation. In the last year, the foundation of this service - Verify apps - has been used more than 4 billion times to check apps at the time of install. This enhancement will take that protection even further, using Android's powerful app scanning system developed by the Android security and Safe Browsing teams.

Available for Android 2.3 and up with Google Play - so effectively for every proper Android device out there.

Permalink for comment 587086
To read all comments associated with this story, please click here.
RE: Anti-virus
by oiaohm on Tue 15th Apr 2014 13:47 UTC in reply to "Anti-virus"
oiaohm
Member since:
2009-05-30

Anti-virus is more the wrong term for the constant on-device monitoring android is using. The constant on-device monitoring in android is more a HID( Host Intrusion Detection). This is where the protection system knows what the application it is protecting should be allowed and not allowed todo. Any straying from this will trip it. This include a white list part. White list for application includes like checksums of all the application files.

The security frameworks in Linux already supported constant on-device monitoring of changes. Google did not register a service up until now to receive the messages. Application data should rarely change so quite min overhead from registration. The processing is basically happening in the Linux kernel now and being disregarded. Extra power usage will be very small.

HID solutions are is lighter than an Anti-virus.

Anti-virus are a huge database of threats. HIDs white listing is a list of harmless files. Guess what one is smaller. HIDs ends up way smaller and faster.

However, the same third party app can be used to spread malicious code via different message such as an update or in-app update/purchase.
Basically its this bit the constant monitoring is looking for. Not that a program has a virus. That a program has changed and requires to be rescanned.

So as long as application does not alter there is basically no overhead or min overhead by the android method from the constant monitoring. min overhead being a little bit of extra ram used. CPU time usage should be basically zero for well written android applications.

Reply Parent Score: 2