Google dials up Play Store security—but is that enough?
Google has a serious problem. He designed Android to be NO-iPhone—more user choice, more user flexibility. A big part of that choice was opening up the devices to third-party app stores. But this turned out to be a boon for bad actors and their associated malware applications. And Google has been trying to close the stable door ever since.
This week’s serious warning for Android users comes from ESET, which has flagged “five Arid Viper campaigns targeting Android users;” surprisingly, “these campaigns distributed malware through dedicated websites from which victims could manually download and install an Android app.”
Equally surprising, Android 15 promises new innovations as Google’s mission to better secure Android continues, with the choice being live threat detection, on-device AI to monitor apps for behavioral flags that might indicate malware is In work.
“With live threat detection,” Google says, “on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services. If suspicious behavior is detected, Google Play Protect may send the app to Google for additional review and then warn users or disable the app.”
The AridSpy Trojan discovered by ESET is part of a highly targeted campaign. But that is not the point. What’s important for anyone spending $500 to $1,000 more on a new Samsung or Pixel with Play Store Protect enabled is to heed its warnings.
Google Play Protect is the best protection against Android malware. Once a threat is confirmed, devices can be protected. In reality, though, there’s a lag, the time between a new app hitting a store and it being flagged as dangerous. And in that gap, users can be busy downloading, installing and infecting.
The latest innovation, as revealed in a Android Authority APK jailbreak is to force a user to enter a device PIN or complete a biometric unlock before installing a new potentially suspicious app. This could be a Play Store app that has flagged a warning, or more likely an app downloaded from somewhere else.
Biometric bypass before users can enable dangerous app installations
“While digging through the Play Store,” Android Authority says, “we discovered that Google is working on a way to further protect users from malicious APKs. If the Play Store suspects an APK, you’ll now be prompted to enter a PIN or submit biometric authentication before you can install the APK or update an app.”
The image above, the site says, is what this warning will look like in practice. It will start where Google Play Protect hasn’t seen an app or where it’s installed outside of its ecosystem. For example, from “a dedicated website from which victims could manually download and install an Android application.”
Of course, that’s not all, which is why Android remains a riskier proposition than the iPhone. In the last week we’ve seen a warning about the grim state of free VPN software on the Play Store. And not long before that, we saw an even more alarming report of more than 90 malicious apps uploaded to the Google Play store — apps that have collectively racked up over 5.5 million installs.”
As always with these disruptions, there’s no guarantee when or even if this feature will be released, but let’s assume it will come given the security focus of Android 15. And when it does, it’s a wake-up call that shouldn’t be ignore it. When you enter that PIN or fingerprint or face scan, you’re installing something that could be a serious risk to your device and data. You really should take these warnings seriously.