Google and the Android mobile platform have a big problem. Despite the fact that Google Play Protect scans apps before they are installed, a recent report from cybersecurity company Kaspersky showed that 600 million apps containing malware were installed on Android phones this year. If Google checks everything, how is this possible? Let’s look at a typical Android user. Let’s call him Andy.
Andy is impressed by an ad he saw on the Google Play Store for an app that allows him to edit his videos on his own device, so he installs the app on his phone. A few weeks later, the developer (a completely fictional company called Dewey, Cheetum, and Howe) releases an update to the previously harmless app that adds the necessary permissions and code to steal Andy’s passwords that he uses to open his financial apps; a few days later Andy notices some unauthorized withdrawals from his bank account.
According to screenshots first shown by AssembleDebug and leaked on the GApps Flags & Leaks Telegram channel, Google has created a new user interface for the Play Store. The screenshots show that Android users like Andy have the option to verify their identity and the payment method used for in-app purchases. The verified information can be used to ensure that Andy doesn’t accidentally install an expensive app in the future or mistakenly install a malware-laden app.
For example, Android users can choose to use fingerprint or facial recognition to perform all authentication for purchases through the Google Play Store. Users will be able to add identification preferences using built-in Android security features, checking apps and the user’s device with Play Protect, and making purchases through the Play Store safe by adding payment preferences.
If your Android phone is set up with the right permissions, a download from the Play Store may stop immediately in the installation process if it encounters malware. Last month, settings were added for Android’s “Safe Browsing” feature, which would notify users in real time of threats while browsing the Internet. It may even be part of Google Play Protect.
While we wait for Google to officially announce security improvements to the Play Store, users can request that all purchases made through the Play Store be authenticated. Google Play Protect, as mentioned earlier, can scan the apps on your phone for malware.