Harmful apps in Google Play have slim chance to get on users' devices

Jul 2, 2014 15:19 GMT  ·  By

The current picture painted by security researchers for the apps in Google Play is quite dire, with constant reports that risky software is available to the users.

Speaking to journalists before the Google I/O conference for developers, lead engineer for Android security, Adrian Ludwig, said that the average user with an antivirus solution on their phones is likely to get no additional protection, according to Sydney Morning Herald.

Security industry reports created the general perception that Google Play hosts numerous apps that are potentially harmful, when compared to the human-curated App Store.

Ludwig dismisses these reports as misleading and offering truncated information, since they do not present figures with the number of users that were actually affected by the harmful software.

“And in practice most people will never see a potentially harmful application from our data ... [in fact] most people won't even know someone who has ever installed a potentially harmful application. So ... I believe it is an overstated risk.” Sydney Morning Herald quotes him as saying.

Indeed, most security reports regarding users affected by malicious Android apps refer to software downloaded from alternative marketplaces, with the users’ consent. By default, Android approves installation of apps only from locations that are considered secure.

Having more potentially harmful apps in the store increases the chances of someone getting it installed on the Android device, even if the risk is just theoretical.

On the other hand, security in Google Play is not as lax as described in the media. Automated systems, such as the internal malware scanner Bouncer, are quite efficient at rooting out malicious apps.

Google strengthened the app verification process recently, following an analysis of Google Play that revealed that thousands of apps had secret tokens embedded in the source code.

The research involved decompiling more than 880,000 apps with a special utility called PlayDrone. Some of the tools used during the project are now employed by Google.

As a result of crawling Google’s marketplace, PlayDrone revealed that 25% of the content is duplicate.

The lead engineer for Android security said that more than 99% of the users have no need for an antivirus solution on their device, although in some cases such software can provide warnings about threats.

“I don’t think 99 per cent plus users even get a benefit from [anti-virus],” and “there’s certainly no reason that they need to install something in addition to [the security we provide],” the engineer was quotes as saying.