Google dials up Play Store security—but is it enough?
Google has a serious problem. It designed Android to be not-iPhone—more user choice, more user flexibility. A big part of that choice was to open devices to third-party app stores. But this turned out to be a boon for bad actors and their malware-laced apps. And Google has been trying to shut the stable door ever since.
This week’s serious warning for Android users comes courtesy of ESET, which has flagged “five Arid Viper campaigns targeting Android users;” unsurprisingly, “these campaigns delivered malware via dedicated websites from which victims could download and manually install an Android application.”
Equally unsurprisingly, Android 15 promises new innovations as Google’s mission to better secure Android continues, with the pick being live threat detection, on-device AI to monitor apps for behavioral flags that might indicate malware is at work.
“With live threat detection,” Google says, “on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services. If suspicious behavior is discovered, Google Play Protect can send the app to Google for additional review and then warn users or disable the app.”
The AridSpy trojan detected by ESET is part of a highly targeted campaign. But that’s not the point. What’s important for anyone spending $500 to $1000-plus on a new Samsung or Pixel with Play Store Protect enabled is that you heed its warnings.
Google Play Protect is the best defense against Android malware. Once a threat is confirmed, devices can be protected. Realistically, though, there’s a lag, the time between a new app hitting a store and it being flagged as dangerous. And in that gap, users can be busy downloading, installing and getting infected.
The latest innovation, as discovered in an Android Authority APK teardown, is to force a user to enter a device PIN or complete a biometric unlock before a potentially suspicious new app is installed. This could be a Play Store app that has flagged a warning, or more likely an app downloaded from elsewhere.
Biometric bypass before users can enable risky app installs
“While digging through the Play Store,” Android Authority says, “we found that Google is working on a way to further protect users from malicious APKs. If the Play Store is suspicious of an APK, you’ll now be required to enter a PIN or submit biometric authentication before you’ll be able to install the APK or update an app.”
The above image, the site says, is how this warning will likely look in practice. It will kick in where Google Play Protect hasn’t seen an app or where it has been installed from outside its ecosystem. For example, from “a dedicated websites from which victims could download and manually install an Android application.”
This isn’t a catch-all, of course, which is why Android remains a more risky proposition than iPhone. In the last week we have seen a warning over the stark state of free VPN software on Play Store. And not long before that, we saw an even more alarming report into more than 90 malicious applications uploaded to the Google Play store—applications which have collectively garnered over 5.5 million installs.”
As ever with these teardowns, there’s no guarantee as to when or even if this feature will release, but let’s assume it’s coming given Android 15’s security focus. And when it does, it’s a wake-up call you should not ignore. When you enter that PIN or fingerprint or face scan, you’re installing something that could be a serious risk to your device and your data. You really do need to take these warnings seriously.
Laura Adams is a tech enthusiast residing in the UK. Her articles cover the latest technological innovations, from AI to consumer gadgets, providing readers with a glimpse into the future of technology.
