Google is eagle-focused on protecting the Android ecosystem from malicious and potentially harmful apps or malware. This security effort centers on its Verify Apps malware scanner and a scoring system that addresses potential issues before they cause headaches on Android-powered devices.
In a blog post this week, the tech behemoth's software engineer Megan Ruthven revealed how the company discovers vulnerabilities and solves them early on using a metric and its other security systems. The company's scoring system called Dead or Insecure (DOI) has played an important role in blocking the spread of rooting malware Ghost Push and Gooligan and click-fraud threat Hummingbad.
Google introduced the Verify Apps feature when it released Android 4.2 Jelly Bean. The scanner and scoring system flags any malware that users may have downloaded to their devices. This service comes pre-installed on all Android purchase upon purchase.
Verify App runs on all Android devices without the knowledge of users. Sneaky malware or PHAs can turn off the Verify App, opening the door for more problems. Affected devices are termed by Google as DOI. This is where the DOI metric comes to the rescue. The DOI metric helps Google's security team determine if an app is a PHA. Security update system patches only come into the picture when vulnerabilities are discovered.
The Android Security team developed an algorithm or a scorer to correlate app install attempts and DOI devices. This score focuses on the retention rate of a device which needs to perform periodic Verify Apps security check after an app download. Devices that have lower than average deviations in retention rate are automatically flagged by the DOI metric.
Google's DOI scorer has flagged over 25,000 of apps in the Ghost Push, Gooligan and Hummingbad families. These PHAs are potentially harmful and can make Android devices useless.