Today, we are making Google Play Protect’s security capabilities even more powerful with real-time scanning at the code-level to combat novel malicious apps. Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats.
Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.
There’s a lot you can say about these kinds of security tools, but with how much access our smartphones have to our data, banking information, credit/debit cards, and so on – I don’t think it’s unreasonable at all for Google (and Apple, if they are forced to enable sideloading by the EU) to employ technologies like these. As long as the user can still somehow bypass them, or disable them altogether, possibly through some convoluted computer magic that might scare them, I don’t see any issues with this.
…that is, assuming it won’t be used for other ends. The step from “scanning for malware” to “scanning for unapproved content” like downloaded movies or whatever isn’t that far-fetched in today’s corporate world, and if totalitarian regimes get their hands on stuff like that, it could get a lot worse.
I have no issue with antivirus for android, but it’s kind of funny that microsoft operating systems were so heavily criticized for this and now others including apple and google are implicitly agreeing that AV is useful for their users too.
My problem with this is not that Google includes an AV in Android (criticizing MS for being targeted by cybercriminals was never a good argument). My problem is that this AV works in the cloud, uploading the behaviour of your apps (and thus what you do with them) to servers you have no control over. This has actually been a trend for a few years with malware analysis, and I understand the benefit of it for both the AV editors and users, but it still gives me that uneasy feeling in the guts. The “making the product better from crowd data” could be subjected to consent, while local execution of the analysis would still be possible. But I guess too few people still care for that kind of details.
Is it at least opt-out without loosing all of play protect features ?