Google is devoting more resources in 2018 to developing and maintaining the machine learning algorithms it uses to power its suite of mobile threat protection, Google Play Protect. Google Play Protect was initially announced at Google I/O 2017 and the suite is built into over two billion Android devices.
While Google Play Protect protects devices in real time, Google’s app protections start earlier, when apps are published.
Before apps can be published on the Google Play store, they are analyzed by security systems and Android security experts. As a result of this process, apps downloaded from Google Play are nine times less likely to be a potentially harmful app (PHA) than devices that download apps from other sources.
Once an app is installed on a device, Google Play Protect continuously scans the device to make sure that it is working as it should. If it finds an app that is misbehaving, it either notifies the user or removes the harmful app.
“Google Play Protect’s suite of mobile threat protections are built into more than 2 billion Android devices, automatically taking action in the background. We’re constantly updating these protections so you don’t have to think about security: it just happens,” Sai Deep Tatali, software engineer in the Google Play Protect team, wrote in a post.
To accomplish this task of scanning 50 billion apps everyday, Google uses machine learning. It has developed algorithms that can distinguish apps that are harmful from those that are safe.
The machine learning algorithm analyzes the entire catalog of applications, and then looks at signals combined with anonymized data in order to compare application behavior. It looks for behavior common to PHAs, such as apps that interact with other apps, access or share personal data, or download things without a user’s knowledge.
It groups apps that exhibit similar behavior into families, helping them uncover apps that share similarities to PHAs, but that have yet to be discovered.
Once a new PHA is discovered and confirmed, Google Play Protect takes action on that app and then feeds information back into the algorithm to help discover more PHAs.
According to the company, its machine learning systems have detected 60.3 percent of malware in 2017.