How does Google determine that the apps on Google Play are safe?


One of the standard pieces of advice that is given about improving security and avoiding malicious apps on Android devices is to only download applications from a trusted source, which means Google Play, and to a lesser extent Amazon’s app store. But how does Google ensure that the apps on Play are safe? They obviously don’t have the time or inclination to perform a code review on every new app that is submitted. Do they do something similar to what an antivirus program does on a PC and scan them using heuristics?

Topic: Security
Answer this Question


2 total
Vote Up (5)

Travis had a good answer, but this article might also be of interest to you.

Google to Verify Android Apps in JellyBean Update

"Users with Android 4.2 (Jelly Bean) devices will have the option of scanning apps installed on their devices to identify malicious apps, Google engineer Michael Morrissey wrote in a Google+ post on Wednesday. The new mechanism would complement the existing Bouncer technology, which scans apps as they are uploaded to Google Play to detect and remove malicious apps, by scanning apps as they are installed on the device.

"We will check for potentially harmful applications no matter where you are installing them from," wrote Morrissey, a member of the Android Security team."

Vote Up (5)

Since 2011, Google has been scanning all apps with Bouncer as they are uploaded to Play and then randomly afterwards. Bouncer does two main things. First, it looks for matches to known malware signatures and, second, it runs the apps in sort of an Android VM to make sure it doesn’t do anything to take advantage of Android in a malicious way. I assume Amazon does something similar, but I don’t know for sure. You can read more about Google security measures on their security blog.

Ask a question

Join Now or Sign In to ask a question.
EBay faces a class action suit in a U.S. federal court over a security breach earlier this year.
A vulnerability broker published a video demonstrating one of several flaws it has found in the privacy-focused Tails operating system, which is used by those seeking to make their Web browser harder to trace.
Juniper Networks has divested its mobile security product line, selling the assets to a private equity firm for $250 million.
Six people have been indicted on charges of running an international ring that resold tickets bought through compromised StubHub accounts for some of New York's biggest concerts and sporting events.
Dutch intelligence services can receive bulk data that might have been obtained by the U.S. National Security Agency (NSA) through mass data interception programs, even though collecting data that way is illegal for the Dutch services, the Hague District Court ruled Wednesday.
The TOR Project thinks it has figured out how the author of a canceled Black Hat talk cracked its software to mask the source of Internet traffic, and it is working on a patch.
Businesses wanting the security of BlackBerry Enterprise Service 10 without the complexity of managing it onsite can now buy it as a hosted service from six BlackBerry partners.
A ransomware threat that encrypts files stored on the SD memory cards of Android devices has been updated to target English-speaking users with FBI-themed alerts.
A vulnerability in a web-based graphics system led to a breach of The Wall Street Journal's network by a hacker, the newspaper acknowledged late Tuesday.
A company that specializes in selling information on software vulnerabilities has reignited a debate over the handling of such information, especially when it pertains to privacy-focused tools.

White Papers & Webcasts

Webcast On Demand

Transform Your IT Service Management

Sponsor: EasyVista

See more White Papers | Webcasts

Join us: