Malicious and fake Android apps have consistently been in the news recently, and in order to combat that, Google is expanding its Verify Apps service. Verify Apps, which has been around since 2012, will now periodically scan already installed applications and will also monitor programs that are from third-party marketplaces. While this may not address the issue of bogus apps, it will help to protect
against actual viruses.
Users have allowed Verify Apps to monitor 4 billion app installations since 2012, Google says, and even though malicious apps are not common, the service has protected devices. Rather than taking the control away from a user, Verify Apps simply informs someone that an app may be dangerous, which Google says is an effective way to curb malicious installations.
When comparing iOS and Android it is easy to see that Google's mobile operating system is more open, but is also more susceptible to attacks. Apple has always taken a "walled garden" approach to its app store by scanning every new app before it is introduced, as well as each update that is applied to it. By vigorously monitoring apps and preventing installs from other marketplaces (unless a phone is "jailbroken"), iOS is generally safer.
Things are beginning to change however, now that Google is confronting the issue of malicious apps with its scanning services. Android may account for the majority of app-related viruses, but according to some reports, only 0.1 percent of the infected apps are found in the Google Play Store.
The new Verify Apps service will continuously check programs no matter where they are from, ensuring that Android devices are more protected. Google says that even though more people will encounter the app warnings, they will still be rare.
"Because potentially harmful applications are very rare, most people will never see a warning," wrote Google. "The good news is that very few people have ever encountered this; in fact, we've found that fewer than 0.18 percent of installs in the last year occurred after someone received a warning that the app was potentially harmful."
Only a few days ago it was discovered that one of the most popular paid apps on Google Play was actually fake, yet it was able to pull in an estimated $40,000 from users who thought it was working. Virus Shield, an app that claimed to protect devices against viruses, actually did nothing of the sort. Although its creators are now claiming that a developer accidentally published the app before it was finished, Virus Shield highlights the fact that users receive insufficient protection against bogus apps on the Play Store.
We asked Charles King, principal analyst at Pund-IT, for his view on the Virus Shield issue and how Google should go about monitoring its app store in the future. He told us that Apple's more-thorough approach would make sense.
"Apple's process of scanning/verifying apps seems like a reasonable approach, but since the company also charges developers substantially more than Google it also has more cash to throw at the problem," King said. "App store owners may decide that weathering the occasional embarrassing incident makes better business sense than scanning tens of thousands of apps that will, in the end, drive very little in the way of sales or profits."