Monday, December 23, 2024

Google Confirms Play Store Update, App Deletion Starts In Just 5 Weeks


Updated July 29 with new Play Store spyware warning.

Google’s mission to make Android more like iPhone on the security and privacy front continues. But even as Google shores up Play Store defenses, a new report published this week makes it clear that dangerous threats still get through. Cue the biggest change of all: Google’s mass deletion of low-quality Play Store apps will net many such threats, and it starts August 31, just five weeks from now.

First to the positives. Google has now confirmed by way of its Chrome team that it is confident enough in Play Store’s Play Protect to end “file might be harmful” warnings for users with Play Protect enabled downloading apps from third-party stores.


As Android Authority reports, this update means “[Chrome] will soon use the presence of Play Protect to decide whether to show the alert… While Play Protect initially only scanned new applications that were either uploaded to Google Play by developers themselves or by users when they first sideloaded them, it’s recently been upgraded to perform some app scans on-device in real-time and will soon do even deeper scans using on-device AI. Given these improvements… it’s no surprise the Chrome team now sees the ‘file might be harmful’ warning as unnecessary.”

But now to the negatives. Kaspersky has just warned that it discovered new samples of the dangerous Mandrake spyware on Play Store as recently as April, “while staying undetected by any other vendor.” The team discovered “new layers of obfuscation and evasion techniques” designed to evade detection by Play Store defenses. And if it’s on Play Store, it means Play Protect is not yet able to detect the threat from elsewhere.

All of the malware-laced apps, Kaspersky says, “were published on Google Play in 2022 and remained available for at least a year.” These are exactly the type of low-quality app that should be picked up by Google’s mass deletion. “According to reviews,” Kaspersky says of one of the apps, “several users noticed that the app did not work or stole data from their devices.”

Mandrake is “a sophisticated Android cyber-espionage platform,” which has been seen repeatedly over the last four years. As for this latest campaign, Kaspersky says “the newest app was last updated on March 15, 2024 and removed from Google Play later that month. As at July 2024, none of the apps had been detected as malware by any vendor, according to VirusTotal.”

If Play Store’s new sweep significantly lessens the threat, as hoped, then attention will turn to side-loading and the third-party stores where such vacuous apps will remain. And while sideloading’s days aren’t over just yet, Google’s Play Store defenses will have expanded to protect even that Wild West as best it can.

Google Play Protect isn’t a catch-all, which is why there’s still such a high number of malicious apps making their way onto the store. But once malware is identified, it can look for the same again—and again and again. Albeit it’s proving harder than expected. And if it’s the sweep that removes the threats from Play Store, it means Play Protect won’t necessarily have been updated. Android 15’s live monitoring for suspicious app behaviors, including permissions, will need to plug the gap.

The real focus will be pushing users to view Play Store as their one-stop-shop for apps—and more, per recent updates. Samsung has just upped its own device default restrictions to steer users away from third-party stores or direct downloads, and Google clearly intends to build a better wall around Play Store this year.

The huge decision to delete the many thousands of apps deemed low-quality is more about security and privacy than anything else. It’s this type of vacuous, pointless app that either hides malware or is part of an attack chain that preps a device for malware from a different source, thus bypassing some of these protections.


Google says that apps that will be marked for deletion include those “that are static without app-specific functionalities, for example, text only or PDF file apps, apps with very little content that do not provide an engaging user experience, for example, single wallpaper apps, and apps that are designed to do nothing or have no function.” This will have a huge impact on Play Store, and users should be prepared.

And while many longstanding Android users don’t like the implication that Google is moving its OS in Apple’s direction, the reality is that Apple users are substantially better protected against malware than those on Android. Google is playing catch-up.

I have approached Google for any comment on the new Mandrake report.

The days of Android’s Wild West really do seem long gone. Albeit as Kaspersky warns, this latest Mandrake campaign “lurked in the shadows for two years, while still available for download on Google Play.” The risk, they say, “is that stricter controls for applications before being published translate into more sophisticated, harder-to-detect threats sneaking into official app marketplaces.”
