Google Blocks Third-Party App Store Downloads for Android Users

Written by

Google is this week rolling out its Advanced Protection Program (APP) to all Android users in a bid to improve protection against malicious apps.

The APP was originally reserved for high-risk users such as journalists, activists, political campaigners and others. However, it will now be available to all users with an Android 7.0+ device.

There are two main benefits for signing up. The service ensures Google Play Protect’s AV scanning functionality is switched on all the time, which is particularly useful if users unwittingly download legitimate-looking malware which subsequently updates to include malicious code.

Second, it prevents users from downloading and installing apps from third-party marketplaces: only those available on Google Play will be allowed.

App stores installed by official Android device makers like Samsung and Huawei will also be allowed.

Unofficial app stores are a hotbed of malicious activity. Last year, malware dubbed “Agent Smith” was downloaded a staggering 25 million times from the 9Apps marketplace run by Alibaba’s UCWeb.

However, limiting downloads to Google Play won’t provide 100% protection: last month Google was forced to remove 600 apps for violating its policy on disruptive advertising, and in June 2019, adware was found in 238 apps on the Play Store, installed by an estimated 440 million Android users.

Google’s homegrown AV tool is also less effective than one might think. In recent AV-Test research it managed to detect just a third of malicious apps, placing it at the bottom of a list of 17 Android security applications.

To put this in perspective, the next ‘worst’ performing was AVG with a near 99% detection rate.

APP also includes protection against phishing thanks to multi-factor authentication (MFA), and attempts to safeguard user data by only allowing Google apps and select third-party apps to access user emails and Drive files.

APP is also available for iOS 10.0+ users that have first installed the Google Smart Lock app for MFA.

What’s hot on Infosecurity Magazine?