Way back when Android 4.2 Jelly Bean was released, Google added a feature called Verify Apps that sought to protect users who inadvertently may have downloaded a piece of malware and attempted to side-load it onto their phone. The service, which is enabled by default on all Android devices, scans apps that are installed from sources other than the Play Store, and warns the user if they may be potentially harmful.
It’s so silent and unobtrusive, most users don’t even know Verify Apps is running, which also means they don’t know when it’s not running. As Google explains in a blog post, that could be the result of an app that has snuck by its gate-keeping and purposefully turned it off, opening the door for potential problems. Google calls these devices Dead or Insecure (DOI), and in turn, if an app has a high percentage of DOI devices downloading it, it will be considered a DOI app. That’s where Google’s security wizardry comes into play.
As software engineer Megan Ruthven explains, Google has developed a metric “to identify the security-related reasons that devices stop working and prevent it from happening in the future.” If a device has stopped using Verify Apps, Google dives into the apps that device has installed and checks their retention rate—the number of devices that have downloaded a particular app with Verify Apps switched on—to come up with a DOI score. If the app has a low score, meaning a high number of devices without Verify Apps has downloaded it in one day, Google will investigate further, and take steps to remove and block future installation if necessary.
Google says it has flagged more than 25,000 DOI apps to be part of the Hummingbird, Ghost Push, and Gooligan malware families “because they can degrade the Android experience to such an extent that a non-negligible amount of users factory reset or abandon their devices.” As Ruthven writes, without the DOI score, “many of them would have escaped the extra scrutiny of a manual review.”
To check if your device has Verify Apps turned on, go to the Security tab in Settings (or in the Google tab on Pixels and some other phones), and make sure the Scan device for security threats toggle under Verify apps has been turned blue.
The impact on you at home: We read a lot about malware on our Android devices, but we don’t always hear what Google is doing about it. This blog post is a fascinating look at how Google is monitoring the Android community to find and flag potentially harmful apps and keep our devices safe. However, just as Google will keep coming up with ways to fight them, malware apps will continue to be a threat, and as always, the best way to avoid them is to strictly download from the Play Store and other trusted sources.