Google is adding another layer to Android’s security, rolling out a new enhancement to the mobile operating system’s “service layer” that performs continuous application scans for malicious code.
Android security engineer Rich Cannings announced the expanded security measures in a blog post introducing the added security service, which is an extension of Android’s existing Verify Apps protocol. Android’s app scanning system already scans new applications for malware upon initial download, whether the apps come from the Google Play Store or a third-party app store. Now Google will have the option to scan the apps to make sure they’re “behaving in a safe manner, even after installation.”
The new security system will aid in uncovering malicious applications that have slipped through Google’s initial scan, based on whatever new mobile security information comes to light.
“Even though the risk is miniscule, we’re committed to making sure that the best available security protections are available to all Android users,” Cannings wrote. “This includes service-based protections such as Verify Apps, as well as security features within the platform itself.”
According to Cannings, the Verify Apps protocol has performed more than 4 billion scans during app installation, and only 0.18% of installs in the last year occurred after someone received a warning that the app was potentially harmful. The new measures will display the same “verify app warning” if potentially dangerous code is detected.
For more information on Android security measures, check out this blog post on other techniques Android employs to combat malware.