Search This Blog

Showing posts with label Google Play Protect. Show all posts

Google Play Protect Shields Users From Cyberattacks

The leading Android devices all use Google Play Services as a key component. It serves as a link between the Android OS and programs, mostly Google programs and programs from other developers that make use of Google authentication, cloud services, and Game Dashboard.

You could use an Android app that protects users from severe cyberattacks and operates through the official Google Play store called Google Play Protect.

According to a security notice from Google, "Google Play Protect removes apps that have been marked as potentially hazardous because the app actually contains malicious behavior, not only because we are unsure if the app is harmful or not."

Before allowing you to download an app, the feature verifies its security. To deceive users into manually installing the infected files, some of these malicious sites invite victims to download phoney security tools or upgrades.

Four malicious apps were detected by research:
  • Bluetooth App Sender
  • Bluetooth Auto Connect
  • Driver: Bluetooth, USB, Wi-Fi
  • Mobile Transfer: smart switch
More than a million people have downloaded all of the applications together, and they invite a significant danger of identity theft and scams.

"These apps offer capabilities that consumers desire, such as device rooting and other developer features. Users knowingly install these potentially hazardous apps," as per Google.

Essentially Google Play Protect will initially issue a warning about the app's possible dangers when a user starts to install an app that Google has categorized as 'user-wanted.'  Google will not send any more warnings if the user decides to install the program anyhow.

Main functions of Google Play Protect:
  • Verifies the security of downloaded programs from the Google Play store.
  • Detects potentially hazardous programs outside the Google Play store.
  • Warns you about hazardous applications.
  • Removes or disables unwanted applications.
  • Alerts you to apps that break the rules by hiding or making false representations of themselves.
  • Sends you privacy alerts about applications that may request access to your personal information.
  • To protect your privacy, reset your app's permissions.
Google stated in its security note that "after installation, the user-wanted classifications restrict Google Play Protect from delivering additional warnings, so there is no disturbance to the user experience."

The Google Play Services platform also enables Google to push Project Mainline modules, allowing your device to receive security upgrades without having to wait for the producer to release them.

Cybercriminals Tricked Britons into Downloading Flubot Malware


Hackers are mimicking delivery services and sending phishing text messages to Britons in an attempt to get them to download the Flubot malware. It's capable of intercepting messages and stealing financial information. Three, one of the UK's most popular mobile networks, has issued a warning about a phishing scam that has reportedly affected all network operators. “Many people in the UK have been targeted with a text message that looks like it’s from a delivery service, or it may say that you’ve received a voicemail,” the company warned in a blog post.

The message instructs you to install an app in order to monitor a package or listen to voicemail. Some messages claim to be from DHL, Amazon, Asda, and Argos. If a victim is tricked into participating in the malicious campaign, the scammer has access to their entire Android smartphone. This includes the possibility of stealing credit card data and online banking login passwords. 

To evade detection, the attacker disables the Android OS's built-in protection and prevents the installation of many third-party security software packages, which many users would employ to remove unwanted malware. 

First, the victim receives an SMS message impersonating a well-known shipping logistics company, such as FedEx, DHL, or Correos. The message's call to action is for the user to click a link to download and install an app with the same familiar branding as the SMS message, but which is actually harmful and contains the FluBot malware.

FluBot, once installed and given the necessary rights, unleashes a slew of features, including SMS spamming, credit card and banking credential theft, and spyware. The contact list is taken from the device and sent to the threat actor's servers, giving them access to more personal information and allowing them to launch new attacks on other potential victims. 

SMS and notifications from telecom carriers can be intercepted, browser sites can be visited, and overlays can be presented to capture credentials. To prevent detection by the operating system's built-in security, the malicious app also disables Google Play Protect. 

According to Three, this fraud attack has impacted all network operators. Despite the fact that the majority of messages were blocked, a tiny number of Three subscribers may have received them. As a result, the company advises staying aware and being cautious when clicking on any links sent by text message. 

“If your device has been infected with the Flubot malware, you may have been charged for text messages over your plan. If so, we’ll arrange a refund for you as soon as possible,” the company stated.

Google Play Protect Fails Malware Detection Test by AV-TEST


The integrated malware defense mechanism of Google has yet failed again in an Antivirus Lab Test conducted by AV-TEST, which was a rigorous real-world security test. Between January 2021 and June 2021, the play store ranked lowest amongst all the 15 security Android apps examined. 

A test comprising of 15 safety apps on Android devices reported that the system detected only two-thirds of 20,000 harmful apps. Unlike Google Play Protect, the detection rate of applications from firms such as Bitdefender, McAfee, NortonLifeLock, and Trend Micro came out to be as high as 100%. 

During Google I/O in May 2017, Google unveiled Android mobile threat prevention, which works constantly for scanning more than 100 billion apps every day. Google Play Protect is used on billions of devices ever since, and today provides integrated malware security on more than 2.5 billion Android apps. 

In 2017 Google rolled out Google Play Protect, which helped decrease a large number of vulnerability cases on Android in 2018. Nevertheless, recent studies have shown that although Google Play Protect is installed by default, several malware applications might still target consumers. 

Google Play Protect features device capabilities that help maintain security for devices and data. These on-device services include cloud-based elements that enable Google to upgrade its performance consistently. 

Whereas every program that's loaded and opened on the smartphone is continually running and screening, "the endurance test revealed that this service does not provide particularly good security: every other security app offers better protection than Google Play Protect." 

The safety apps had to uncover more than 3,000 new malware samples including 3,000 existing malware samples, each one month old, in complex testing sessions. The AV-TEST reports that only the five programs – Bitdefender, G DATA, McAfee, NortonLifeLock, and Trend Micro – were in real-time able to identify malware with 100% precision. 

In real-time testing and reference set testing, Google Play Protect could only filter 68.8% of harmful apps from 76.6%. However, Ikarus also scored better than Google Play Protect for security, the lowest-rated third-party security app. 

Google didn't perform very well in respect to inaccuracies in malicious application detection. It found 70 applications to be unsafe, with approximately 10,000 more harmless applications for random testing. 

The best approach to be safe is to have one of the Android device's best-rated third-party apps. It is not a prudent option to rely solely on the Google Play Protect, as this exhaustive test by the AV-TEST demonstrates.

Criticism against Google Play Store on the Rise about Malware-Laced Apps

Google Play Store has come in for a serious criticism as of late, with various alerts about malware-laced apps which have frequently been on the store for quite a long time, or even years, and which have been installed by a huge number of users.

This most recent cautioning concerns four VPNs and two selfie apps, with in excess of 500 million installs between them, all of which contain harmful adware and which look for hazardous system permissions that can exact serious harm.

Regardless of significant efforts to clean house the issue stays pervasive and users stay in danger.

Google Play Protect is therefore one storefront intended to make preparations against application vulnerabilities and, in 2018, Google “detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55%, and we increased app suspensions by more than 66%."
However, once more the warnings still remain that dangerous applications are as yet accessible for install on Google's official store.

First was a notice from security researcher Andy Michael around four Android VPNs that are 'bombarding devices' with false ads—creating income for their operators to the detriment of the organizations setting the advertisements.

Second, was a notice from security researchers at Wandera that two camera filter apps with more than 1.5 million installs between them have been tainting devices with adware.

In any case Google's Android (and Apple's iOS) is making it progressively simple for users to track permissions granted and application misuse now and every user has been informed to take advantage of every one of the protections set up, clicking with caution and keeping their smartphones protected from the would-be-intruders to every extent they can.

This is all in light of the fact that the clever malware attacks still exist out there—and they can be very difficult to detect.

Google updates Google Play Protect

Google has made some significant changes to Google Play Protect for protecting Android users from unwanted and malicious apps.

The company has launched the Google Play Protect feature in 2017, it performs the following functions:

  •  It does a safety check for apps before users download it from the Google Play Store.
  •  It  also checks for potential harmful apps available from the other sources 
  •  It warns and detect potentially harmful apps, and removes malicious apps from your device.
  •  It warns about apps that violate our Unwanted Software Policy by hiding or misrepresenting important information.

In a blog post, Google said that Google Play Protect has protected over 2 billion devices every day.

"Google Play Protect is the technology we use to ensure that any device shipping with the Google Play Store is secured against potentially harmful applications (PHA)," stated Google's blog post. "It is made up of a giant backend scanning engine to aid our analysts in sourcing and vetting applications made available on the Play Store, and built-in protection that scans apps on users' devices, immobilizing PHA and warning users."

Google has enabled Google Play Protect by default for all Google Play users, but a user can also confirm that Google Play Protect is enabled by going into the Play Store, tapping, and tapping Play Protect.