Google Enlists Outside Help to Clean Up Android’s Malware Mess

Android has a bit of a malware problem. The open ecosystem’s flexibility also makes it relatively easy for tainted apps to circulate on third-party app stores or malicious websites. Worse still, malware-ridden apps sneak into the official Play Store with disappointing frequency. After grappling with the issue for a decade, Google is calling in some reinforcements.

Today Google is announcing a partnership with three antivirus firms—ESET, Lookout, and Zimperium—to create an App Defense Alliance. All three companies have done extensive Android malware research over the years, and have existing relationships with Google to report problems they find. But now they’ll use their scanning and threat detection tools to evaluate new Google Play submissions before the apps go live—with the goal of catching more malware before it hits the Play Store in the first place.

“On the malware side we haven’t really had a way to scale as much as we’ve wanted to scale,” says Dave Kleidermacher, Google’s vice president of Android security and privacy. “What the App Defense Alliance enables us to do is take the open ecosystem approach to the next level. We can share information not just ad hoc, but really integrate engines together at a digital level, so that we can have real-time response, expand the review of these apps, and apply that to making users more protected.”

lowest price
made a post
made my day
more about the author
more bonuses
more help
more helpful hints
more hints
more info
more info here
more information
more tips here
moved here
my company
my explanation
my latest blog post
my response
my review here
my sources
navigate here
navigate to these guys
navigate to this site
navigate to this web-site
navigate to this website
next page
no titleofficial site
official source
official statement
official website
on bing
on front page
on the main page
on yahoo
one-time offer
original site
our site
our website
over at this website
over here
pop over here
pop over to these guys
pop over to this site
pop over to this web-site
pop over to this website
published here
read full article
read full report
read here
read more
read more here
read moreÂ…
read review
read the article
read the full info here
read this
read this article
read this post here
read what he said
recommended reading
recommended site
recommended you read
redirected here
related site
right here
secret info

It’s not often that you hear someone at Google—a company of seemingly limitless size and scope—talk about trouble operating a program at the necessary scale.

Each antivirus vendor in the alliance offers a different approach to scanning app files called binaries for red flags. The companies are looking for anything from trojans, adware, and ransomware to banking malware or even phishing campaigns. ESET’s engine uses a cloud-based repository of known malicious binaries along with pattern analysis and other signals to assess apps. Lookout has a trove of 80 million binaries and app telemetry that it uses to extrapolate potential malicious activity. And Zimperium uses a machine learning engine to build a profile of potentially bad behavior. As a commercial product, Zimperium’s scanner works on the device itself for analysis and remediation rather than relying on the cloud. For Google, the company will essentially give a rapid yes or no on whether apps need to be individually examined for malware.

As Tony Anscombe, ESET’s industry partnerships ambassador puts it, “Being part of a project like this with the Android team allows us to actually start protecting at the source. It’s much better than trying to clean up afterwards.”

Setting up those systems to scan new Google Play submissions wasn’t conceptually difficult—everything runs through a purpose-built application programming interface. The challenge was adapting the scanners to make sure they could handle the firehose of apps that will flow through for analysis—likely many thousands per day. ESET already integrates with Google’s malware-removing Chrome Cleanup tool, and has partnered with Alphabet-owned cybersecurity company Chronicle. But all of the App Defense Alliance member companies said the process to create the necessary infrastructure was extensive, and the early seeds of the alliance started more than two years ago.

“Google narrowed down the vendors that they wanted to engage with and everyone did a pretty elaborate proof of concept to see if there’s any added benefit, and if we find more bad stuff together than either of us is able to independently,” says Lookout CEO Jim Dolce. “We were sharing data over a period of a month—millions of binaries effectively. And the results were very positive.”

It remains to be seen whether the alliance will actually catch significantly more malicious apps before they hit Google Play than the company was flagging on its own. Independent researchers have found that many Android antivirus services aren’t particularly effective at catching malware. And all of the alliance members emphasize that increasing Google Play’s defense will only drive malware authors to get even more creative and aggressive about distributing tainted apps through other means. (Don’t forget that these companies all have malware scanners they want to sell you.) But Google’s Kleidermacher emphasizes that the company is confident that the alliance will make a real difference in protecting Android users.

Leave a Reply

Your email address will not be published.