Recent news has shown that security is increasingly an issue in consumer-facing mobile applications. Many security experts are calling for a more secure infrastructure for mobile app development, maintenance and operations.
Google recently announced advanced features to the built-in security features on Android devices. The intent of the new features is to provide ongoing security measures to protect users and apps from malicious activity.
Verify apps is a built-in security layer that Android already provides its users. It protects users by scanning apps at the point of installation and provides warnings to users if there is suspected malware or other malicious programs within an app. It is important to note that this is particularly important for apps that are downloaded and installed outside of the Google Play store because those have not been pre-screened by Google. According to Google, Verify apps has been used over 4 billion times to check apps and has proven to be quite successful at warning and protecting users.
Verify apps will now continually check devices, even after installation, to ensure that all apps on a device are behaving in a safe manner.
Here’s a use case to consider:
Let’s say a hacker wants to use a malware app to access information on a device. The application’s 1.0 version is non-malicious and passes an initial scan at install. The hacker then emails the unsuspecting user an updated version of the app and tells them they have been selected to participate in a special beta version of an upcoming release. By installing that update that has not been through the Play Store’s pre-screening, the app’s intent can change and exposes the user to the risk of a hack. If the user does not consciously check the app and have it rescanned, they may not know that their information has been compromised until it’s too late. Because Android’s new feature provides an ongoing scan, the malicious activity of the updated app will be recognized and flagged, thereby protecting the user.
We feel that features that protect an app and user in real-time are warranted and we applaud this move by Google. It was a necessary step towards creating a more secure mobile app infrastructure.