Google Reveals How It Finds Malware When Your Device Isn’t Verifying Apps
First, you need to know about How to Google Verify Apps?
On Android Platform App Security, each app has to go during a verification process where Google analysis it for malware virus and malware with the help of its security solution called Verify Apps. As a normal procedure,for app security verify Apps dynamically scans for the Potentially Harmful Apps (PHA) on the device.
But what happens when it stops working to verify apps? There could be a number of reasons behind it and Google has explained them with the solution where it organizes various methods to identify security-related reasons behind your device not verify apps.
On Tuesday, in its Android Developer Blog, Google explain all things in deeply how it performs in such a situation where device is not checking with Verify Apps for security verifications of the apps.
However, sometimes the devices verify apps by checking with stop. Such as a new phone, or, it can mean some of it to buy a non-security related reasons, may be more concerning. When a device to verify by checking with apps closes, it is dead or considered vulnerable (DOI). DOI tools download it to an app with a high enough percentage of DOI apps.
When we considered app as a DOI app?
“An app with a high enough percentage of DOI devices downloading it, is considered a DOI app. We use the DOI metric, together with the other security systems to help decide if an app is a PHA to protect Android users,” reads the blog, which additional explains how Google keep apart between potentially insecure apps and devices. In Additional, when Google discovers any exposures, a patch for Android devices is released with the security update system.
How to Check Particular App is DOI or not?
The process of flagging a DOI app is more of a mathematical equation where a certain score decides if that particular app is DOI or not. The Android Security team has to associate the app install attempts and DOI devices to find apps that harm the device in order to protect the users. If a device keeps reporting app installs and their verification through Verify Apps, it is said to be ‘retained’ and considered safe thereafter. But if a device doesn’t do that, it’s considered potentially dead or insecure (DOI).
Google talk about that ‘an app’s preservation rate is the percentage of all kept devices that downloaded the app in one day. ‘Considering preservation rate as a strong indicator of device’s health, Google tries to maximize that in all possible ways. And for that, Google follows a DOI scorer, which takes the value as guess that all apps should have a similar device preservation rate.
The app preservation rate is calculated using the the following formula, where Z is the DOI score, N is number of devices that downloaded the app, x represents number of retained devices that downloaded the app, and p stands for the probability of a device downloading any app will be held.
In Google’s word, “If an app’s retention rate is a couple of standard deviations lower than average, the DOI scorer flags it.” It further explains that” the DOI score indicates an app has a statistically significant lower retention rate if the Z-score is much less than -3.7. This means that if the null hypothesis is true, there is much less than a 0.01% chances the magnitude of the Z-score being as high. In this case, the null hypothesis means the app accidentally correlated with lower retention rate independent of what the app does.”
DOI score calculation, Google apps to the top of the list of offending DOI to bring action. Following that, check out Google Apps to remove existing apps installations and to prevent future installations of the app. saying that added to company law, Ghost apps that implied Hummingbird posh, and Gooligan is used to identify malware. Usually the affected device reset or permanently abandoned factory. Google it shows trapped and they kill Android devices before going on a spree to block them.
This rigorous process, Google has several verify apps that otherwise should have been pressing may be missed. Google has more than 25,000 apps have been identified for malware using this method that is shared.