Verify Apps is one of the features that is available on every Android device that supports Google Play. This feature acts as a safeguard against malware as it scans newly downloaded applications to make sure they’re safe.
Unfortunately, some malware are able to bypass Verify Apps. So how is Google able to track down these silent malware? Google has given us a sneak peak into how the system works, and it is a fascinating one to read.
In order to keep track of malware that manages to slip past Verify Apps, Google actively keeps tabs on applications after they are installed by transmitting data between the device and Google’s servers. Should the application manage to sever communications between the device and Google, Google’s engineers would label the device as Dead or Insecure (DOI).
As Google’s servers constantly transmit data to Android device, Google’s engineers are able to detect a number of of devices that have disconnected after a certain app is installed. Once a certain threshold is reached, Google engineers would proceed to examine the app itself to make sure that it does not contain malware. The threshold is calculated as follows:
By using this technique, Google claims that it has caught and flagged around 25,000 apps that use the Hummingbird, Ghost Push and Gooligan family of malware. While Google’s method of combating malware is rather effective, Android users should still remain vigilant when it comes to downloading unknown apps.
Source: Google Blog