Google dials in Play Store security, but is that enough?
Google has a serious problem. It designed Android not-iPhone: more user choice, more user flexibility. A big part of that choice was to open up devices to third-party app stores. But this turned out to be a boon for bad actors and their malware-laced apps. And since then, Google has been trying to close the stable door.
This week’s serious warning for Android users comes courtesy of ESET, which has flagged “five Arid Viper campaigns targeting Android users”; Unsurprisingly, “these campaigns delivered malware through special websites where victims could download and manually install an Android application.”
Nor is it surprising that Android 15 promises new innovations as Google’s mission to make Android more secure continues, with options like live threat detection and on-device AI to monitor apps for behavioral flags that could indicate malware is at work.
“With live threat detection,” Google says, “on-device AI will analyze additional behavioral signals related to the use of sensitive permissions and interactions with other apps and services. If suspicious behavior is discovered, Google Play Protect may send the app to Google for additional review and then alert users or disable the app.”
The AridSpy trojan detected by ESET is part of a highly targeted campaign. But that’s not the point. What’s important for anyone spending $500 to $1,000 or more on a new Samsung or Pixel with Play Store Protect enabled is that you heed its warnings.
Google Play Protect is the best defense against Android malware. Once a threat is confirmed, devices can be protected. Realistically, though, there’s a lag: the time between a new app hitting the store and it being flagged as dangerous. And in that hole, users can be busy downloading, installing, and getting infected.
The latest innovation, as discovered in a Android Authority APK teardown is to force a user to enter a device PIN or complete a biometric unlock before installing a potentially suspicious new app. This could be a Play Store app that has a warning flagged, or more likely an app downloaded from somewhere else.
Biometric bypass before users can enable risky app installations
“While browsing the Play Store,” Android Authority says: “We discovered that Google is working on a way to further protect users from malicious APKs. If the Play Store finds an APK suspicious, you will now be required to enter a PIN or submit biometric authentication before you can install the APK or update an app.”
The above image, the site says, is what this warning will likely look like in practice. It kicks in where Google Play Protect has not seen an app or where it has been installed from outside its ecosystem. For example, from “a special website where victims can download an Android application and install it manually.”
Of course, this isn’t a blanket proposition, which is why Android remains a riskier proposition than iPhone. Over the past week we’ve seen a warning about the grim state of free VPN software on the Play Store. And not long before that, we saw an even more alarming report of more than 90 malicious applications uploaded to the Google Play Store – applications that collectively racked up more than 5.5 million installs.”
As always with these teardowns, there’s no guarantee as to when or even if this feature will show up, but let’s assume it’s coming given Android 15’s security focus. And if it does, it’s a wake-up call that you should not ignore. When you enter that PIN, fingerprint, or facial scan, you’re installing something that could pose a serious risk to your device and your data. You really need to take these warnings seriously.