Google is taking a major step toward improving Android security, expanding its malware scanning to include sideloaded apps.
Google Play Protect already provides protection for Android users, scanning apps on phones that have Google Play Services installed. The company is now expanding that protection even more, scanning sideloaded apps — apps installed outside the Play Store — in real-time when they are installed.
The company announced the change in a blog post:
Today, we are making Google Play Protect’s security capabilities even more powerful with real-time scanning at the code-level to combat novel malicious apps. Google Play Protect will now recommend a real-time app scan when installing apps that have never been scanned before to help detect emerging threats.
Scanning will extract important signals from the app and send them to the Play Protect backend infrastructure for a code-level evaluation. Once the real-time analysis is complete, users will get a result letting them know if the app looks safe to install or if the scan determined the app is potentially harmful. This enhancement will help better protect users against malicious polymorphic apps that leverage various methods, such as AI, to be altered to avoid detection.
Jurisdictions have increasingly been forcing Google and Apple to allow application sideloading. It’s encouraging to see Google embracing that reality by ensuring customers who take advantage of that option are still protected.