Think about the ways your home is kept secure. You rely on structural security features—secure locks, a rock-hard foundation, strong windows and doors. You might also have an alarm or video camera to give you an extra layer of security, with a support team behind those tools making them more powerful, all but invisible until the moment you need them.
We have a similar approach to how we deliver security improvements in Android. As part of Android’s foundation, we built safeguards like application sandboxing, which confines apps, minimizing their ability to damage other parts of your phone. But just like your home, Google offers a built-in “service layer” (kind of like the phone equivalent of that alarm service for your home) to most every Android phone and tablet that’s constantly being strengthened, and it’s included for free. We’re adding to that service layer, further fortifying your Android phone or tablet.
Verify apps: now protecting you continually
Building on Verify apps, which already protects people when they’re installing apps outside of Google Play at the time of installation, we’re rolling out a new enhancement which will now continually check devices to make sure that all apps are behaving in a safe manner, even after installation. In the last year, the foundation of this service—Verify apps—has been used more than 4 billion times to check apps at the time of install. This enhancement will take that protection even further, using Android’s powerful app scanning system developed by the Android security and Safe Browsing teams.
Because potentially harmful applications are very rare, most people will never see a warning or any other indication that they have this additional layer of protection. But we do expect a small number of people to see warnings (which look similar to the existing Verify apps warnings) as a result of this new capability. The good news is that very few people have ever encountered this; in fact, we’ve found that fewer than 0.18% of installs in the last year occurred after someone received a warning that the app was potentially harmful.
Even though the risk is miniscule, we’re committed to making sure that the best available security protections are available to all Android users. This includes service-based protections such as Verify apps, as well as security features within the platform itself.
Posted by Rich Cannings, Android Security Engineer