Google takes aim at Android malware with an AI-powered live threat detection service



Google is preparing to launch a new system to help address the problem of malware on Android. Its new live threat detection service leverages Google Play Protect’s on-device AI to analyze apps for malicious behavior. The service, announced following the Google I/O developer event on Tuesday, examines various signals related to an app’s use of sensitive permissions and interactions with other apps and services, the company explains.

If it finds suspicious behavior, Google Play Protect will be able to send the app to Google for additional review as well as warn any users who have the app installed, or even disable the app, if warranted.

The detection also takes advantage of Google’s Private Compute Core, the Android privacy infrastructure introduced in 2022 that offers an isolated data processing environment inside of the Android operating system. The idea of the Private Compute Core, or PCC, is to give users control over if, how, or when their data is shared. By using the PCC, the new live threat detection feature can protect users without collecting their data.

Image Credits: Google

Google says it will deploy the system later this year on Google Pixel devices. Other manufacturers will join it, including Oppo, Honor, Lenovo, OnePlus, Nothing, Transsion, Sharp, and more.

The service could help Android users feel more comfortable downloading and using apps from Google Play — although arguably, they’d rather not have downloaded malware in the first place. Rather, they’d like malicious apps to be caught during app review. That’s a focus area for Apple, which regularly touts the benefit of its App Store to consumers and developers. Though bad actors often slip through its cracks, it weeds out many more through its more intensive review system before allowing them to go live on the App Store. Ahead of I/O, Apple announced it had stopped $1.8 billion in fraud on the App Store, for example.

In addition to the live threat detection service, Google announced it will hide one-time passwords from notifications to cut down on a common attack vector for fraud and spyware. It will also expand Android 13’s restricted settings, which will now require additional user approval to enable app permissions when they sideload apps onto their device.

We’re launching an AI newsletter! Sign up here to start receiving it in your inboxes on June 5.

Read more about Google I/O 2024 on TechCrunch




Source