Google's App Defense Alliance teams up to fight malware on Android

Google Play Protect
Google Play Protect (Image credit: Android Central)

What you need to know

  • Google has formed the "App Defense Alliance."
  • ESET, Lookout, and Zimperium are all part of the new group.
  • The goal of the Alliance is to further combat malware on Android.

Google will partner with three mobile security software makers to improve its ability to catch malware on Android. The new App Defense Alliance will bring Google together with ESET, Lookout, and Zimperium — all makers of endpoint security software for Android mobile devices. Google says these partners were chosen for their success in finding malware and for the recognition they receive from industry analysts.

These new security partners will get direct access to the Google Play Protect screening system to share samples back and forth. Google may share app samples with the vendors and vice versa. When malware is found, it will be flagged and categorized for further handling. Users can also report potential malware directly to the App Defense Alliance, and reporters can give Google a heads-up if a story will reveal an exploit.

Per the Vice President of Android Security & Privacy, Dave Kleidermacher:

Our number one goal as partners is to ensure the safety of the Google Play Store, quickly finding potentially harmful applications and stopping them from being published.As part of this Alliance, we are integrating our Google Play Protect detection systems with each partner's scanning engines. This will generate new app risk intelligence as apps are being queued to publish. Partners will analyze that dataset and act as another, vital set of eyes prior to an app going live on the Play Store.

App Defense Alliance logo

Source: Google (Image credit: Source: Google)

Some potentially harmful apps (PHA) may be allowed to pass through Google Play if they are user-desirable. For instance, apps that root the phone and change the system software are potentially harmful, but if the user understands the risks (or nods and smiles while watching a YouTube tutorial) then the app can be installed. The first time the app is installed, the user will get a detailed description of the risk factors involved and can accept the danger explicitly.

If an app features more than one malware behavior, it will be categorized as both, but Google has a priority system in place to determine which malfeasance is the most disruptive. Google also separates "Unwanted Software," which is not strictly malware but might take unwanted and rude actions like pretending to be another app or offering disruptive advertisements.

Philip Berne