Android Jellybean to scan apps for malware, and warn of expensive SMS scams

Filed Under: Android, Featured, Google, Malware

Last month, Naked Security uncovered evidence that Google was planning to starting scanning Android apps for malware on users' smartphones.

Is Google about to start scanning your Android for malware?

Google has now confirmed that the functionality will be coming to the next version of Android (4.2, also known as Jelly Bean).

In a recent interview with Computerworld, Android's VP of Engineering explained that in the next version of the operating system, it will be possible to scan any apps that are installed from third-party marketplaces.

Hiroshi Lockheimer told JR Raphael that the first time apps are installed from anywhere other than the official Google Play store, Android will display a message asking the user if they want the app to be checked for "harmful behavior".

Google Android verifying apps

So, what happens when you tell Google that you want it to check the apps that you install on your Android phone?

Well, by the sound of things, your Android smartphone will send identifying information about the app (the equivalent of a signature) up to Google's servers. There Google will check to see if it a known legitimate app that has already been whitelisted, or determine if it is a known sample of Android malware (and prevent you from installing it).

Of course, it's very possible that Google won't have seen the app before - in which case it will be the user's decision whether to proceed with the installation.

Lockheimer told Computerworld:

"We have a catalog of 700,000 applications in the Play Store, and beyond that, we're always scanning stuff on the Web in terms of APKs that are appearing. We have a pretty good understanding of the app ecosystem now, whether something's in the Play Store or not."

It's good that Google is trying to do more to protect Android users from malware, as in the past their attitude towards the problem has been what some would describe as reckless.

For instance, a year ago, Google's open-source programs manager, Chris DiBona, described anti-virus vendors as "charlatans and scammers", saying that anyone who worked for a company selling virus protection for Android should be "ashamed" of themselves.

Well, it sounds like Google are kinda providing virus protection for Android users now.. :)

Jelly beans with malwareIt's a good thing that Google has definitely woken up to the threat of malware on Android devices.

Their own attempts to keep malware out of the official Android app store (named "Google Play") has met with varying levels of success).

And it's clear that cybercriminals have frequently used third party marketplaces to distribute Android malware - including fake versions of Instagram, and Angry Birds.

How good Google's virus-checking will turn out to be remains to be seen, and it relies upon users opting into the service.

If you're worried about Android malware, you wish to try out Sophos's free anti-virus for Android for an independent point of view.

In related news, Computerworld reports that Android 4.2 will alert users whenever an app attempts to send an SMS text message that could cost you money.

As so much Android malware relies upon SMS messages to earn revenue for their authors, anything which alerts users to the potential for mischief has to be good news.

Jellybeans image from Shutterstock.

, , , , ,

You might like

2 Responses to Android Jellybean to scan apps for malware, and warn of expensive SMS scams

  1. Freida Gray · 1058 days ago

    What happens if you select to not allow Google to check the apps installed on your phone?

  2. Cheers · 988 days ago

    to have an answer for your question, then it probably would be your decision and you can install any app you want.

    and trust every app. and you just hope in your heart that every app you install is trustworthy and believe in the goodness of people.

    and you start smiling more. :)

    then you use the app.

    then you either find the app useful or get tired of the app.

    in the first scenario you'll keep using the app until your phone becomes obsolete, is sold, given away, or lost, or broken.

    In the second scenario you either delete the app or leave it in your phone.

    now we have several branches of scenarios and it might need a whole paper with surveys and research to answer your question, so I'll just stop here.

    Have a good day.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley