Google is preparing to launch a new system to help solve the malware problem on Android. Its new live threat detection service leverages Google Play Protect’s on-device AI to analyze apps for malicious behavior. The service, announced after the Google I/O developer event on Tuesday, examines various signals related to an app’s use of sensitive permissions and interactions with other apps and services, the company explains.
If it finds suspicious behavior, Google Play Protect can submit the app to Google for further analysis, as well as warn any users who have the app installed, or even disable it if necessary.
Detection also leverages Google’s Private Compute Core, the Android privacy infrastructure introduced in 2022 that provides an isolated data processing environment within the Android operating system. The idea of Private Compute Core, or PCC, is to give users control over if, how, or when their data is shared. By using PCC, the new live threat detection feature can protect users without collecting their data.
Google says it will roll out the system later this year on Google Pixel devices. Other manufacturers will join it, including Oppo, Honor, Lenovo, OnePlus, Nothig, Transsion, Sharp and more.
The service could help Android users feel more comfortable downloading and using apps from Google Play – although they would undoubtedly prefer not to have downloaded malware in the first place. Instead, they would like malicious apps to be detected during app review. This is an area of focus for Apple, which regularly touts the benefits of its App Store to consumers and developers. While bad actors often slip through its cracks, it weeds out many more through its more intensive review system before allowing them to go live on the App Store. Ahead of I/O, Apple announced it had prevented $1.8 billion in fraud on the App Store, for example.
In addition to the live threat detection service, Google announced that it will hide one-time passwords from notifications, to reduce a common fraud and spyware attack vector. It will also expand Android 13’s restricted settings, which will now require additional user approval to enable app permissions when they sideload apps on their device.
