Android has had the “Verify Apps” feature in its settings for a while now – the feature is used to block malware from being installed on your devices. The feature is also active even when users sideload apps from marketplaces besides Google Play – that is, installing APKs from non-trusted sources. But a lot of users actually disable this feature, so Google has to get creative in using the feature to hunt down malware.
Because unfortunately some users do disable the Verify Apps feature, Google has worked out alternative solutions to stop malware from spreading to other devices. Determining whether an app is potentially harmful requires data sent back to its servers, and one of the things Google measures to make that determination is whether devices that have installed the app in question have stopped invoking the Verify Apps feature.
These devices are designated Dead or Insecure (DOI) by Google’s security team. Google says that DOI scoring has been fairly reliable for assessing the health of a device and uses it, in conjunction with other data, to determine if an app is potentially harmful. Google says that DOI scoring has helped flag more than 25,000 apps in three known malware families – Ghost Push, Gooligan, and Hummingbad.
As long as Android continues to be an open ecosystem, malware will continue to exist. As such, Android security is potentially a job that never stops being needed. Thankfully, Google seems up to the task.