Introduced in Android 4.2, then rolled back to later versions of Android down to Android 2.3, the built-in Verify Apps feature works to detect shady applications that users sideload onto devices. As of right now, the program checks newly installed applications, then basically goes to sleep until a new app is sideloaded.
According to a Googler who spoke with Computer World, a universal update is on its way, bringing continuous monitoring for an even more secure Android experience.
Once a new app is installed after the update, Verify Apps will continue working to make sure nothing shady is going on in the background. The system works with Google’s servers to cross check a list of threats Google is aware of. Once the system verifies that there is no threat, it’s back to sleep mode until a new app arrives.
Android Lead Security Engineer Adrian Ludwig spoke with CW, and stated the following.
We’re constantly updating what we’re aware of, so being able to detect those things where we’ve improved our coverage is valuable. We want to make sure that if that were to happen, a user would be made aware of it after the fact.
At this point, there really is a collection of services that we’re starting to think about as the Google security services for Android. We want to make sure there is no single point of failure within our platform so users can be protected.
CW reports that the update should hit all devices through a Google Play Services update, meaning it won’t be held back by OEMs or carriers. Be on the lookout over the next couple of weeks, and let us know if you spot the update on your device.
Good on you, Google.
Sounds good…as long as there is no impact to battery life or privacy invasion
I just hope that they don’t suddenly decide that certain ad blocking and video streaming apps that have been pulled from Google Play are “shady” or “bad” and remove them without our consent.
Easy fix…turn off the setting.
I wonder if anything fishy will be picked up in regards to xposed…seeing as how I’ve seen a couple of write-ups expressing security concerns with it.
What security concerns are there with xposed?
It can be used for malicious purposes. Rooting has always brought that risk though.
I see, the security concerns may be with the modules themselves. That’s why I do research on developers before using their products. But is there a real way to tell if a custom rom for example is “safe”. I have been kind of weary of anything root lately.
You have to be pretty Android savvy (on the inner workings ) to be able to tell if a rom is safe.
I will say this: most of the AOSP based roms out there are not even remotely safe because they use a signature made public. Google never intended people to use it, but they do anyway.
Thanks for the info. So if I am using a N5 for instance I should probably switch to a Google Stock based rom?
Maybe. I’d ask the developer if they are signing the ROM package and contents with their own keys. If they say no, I’d be leery of using it.
CM has their own workaround for this, so this would be mainly for AOSP based Roms.
Thanks man. I’ll have to do some more research. CM is basically safer to use then I take it? I have been using Roms for a long time but I have become suspicious of some if these n5 Roms lately.
Yes, CM is safer as long as it was built by an official maintainer. You never know otherwise.
Sounds good, thanks again for all the info.
Google “xposed framework security” to get some examples. One xda dev I already know doesn’t use it and recommends others against using it. I still use it though since I love GravityBox but there’s always that potential for harmful stuff to occur
Yea I stopped using xposed myself. Caused conflicts with the rom I am using. I am not a fan of xposed anyways.
Can someone help me understand? Does this mean sideloading is over???
No. Google just wants to make this sideloads safer in the long run
Yay ok. Thanks!
Good Guy Google
It would be funny if it started blocking the Verizon Bloat apps.
I wish