Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.mobile.android > #141720 > unrolled thread

Does Android scan every app you install or only apps installed from the Google Play Store?

Started byWolf Greenblatt <wolf@greenblatt.net>
First post2024-06-02 17:13 -0400
Last post2024-06-04 00:36 +0200
Articles 5 — 3 participants

Back to article view | Back to comp.mobile.android


Contents

  Does Android scan every app you install or only apps installed from the Google Play Store? Wolf Greenblatt <wolf@greenblatt.net> - 2024-06-02 17:13 -0400
    Re: Does Android scan every app you install or only apps installed from the Google Play Store? Arno Welzel <usenet@arnowelzel.de> - 2024-06-03 14:11 +0200
      Re: Does Android scan every app you install or only apps installed from the Google Play Store? "Carlos E.R." <robin_listas@es.invalid> - 2024-06-03 15:34 +0200
        Re: Does Android scan every app you install or only apps installed from the Google Play Store? Arno Welzel <usenet@arnowelzel.de> - 2024-06-03 17:36 +0200
          Re: Does Android scan every app you install or only apps installed from the Google Play Store? "Carlos E.R." <robin_listas@es.invalid> - 2024-06-04 00:36 +0200

#141720 — Does Android scan every app you install or only apps installed from the Google Play Store?

FromWolf Greenblatt <wolf@greenblatt.net>
Date2024-06-02 17:13 -0400
SubjectDoes Android scan every app you install or only apps installed from the Google Play Store?
Message-ID<v3inaj$2cj3i$1@news.samoylyk.net>
By default, does Android scan every app you install for malware,
or does Android only scan apps installed from the Google Play Store?

[toc] | [next] | [standalone]


#141754

FromArno Welzel <usenet@arnowelzel.de>
Date2024-06-03 14:11 +0200
Message-ID<lc5q7iFt7dnU1@mid.individual.net>
In reply to#141720
Wolf Greenblatt, 2024-06-02 23:13:

> By default, does Android scan every app you install for malware,
> or does Android only scan apps installed from the Google Play Store?

That also depends on the device as well since some manufactures modify
the official version of Android to their needs and some provide their
own security solutions like Xiaomi.

However, by default Android will scan every app regardless where it came
from.

Also see: Settings -> Security & privacy -> App security -> Play protect
and the the "Play Protect settings" you can open with the settings icon
on the top right. In these settings there is also the following option,
which is enabled by default:

Improve harmful app detection
Send unknown apps to Google for better detection

And "unknown apps" means apps which you did not install using Google
Play but by using an APK file or alternative sources like F-Droid.

-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]


#141759

From"Carlos E.R." <robin_listas@es.invalid>
Date2024-06-03 15:34 +0200
Message-ID<dbt0jkx1a7.ln2@Telcontar.valinor>
In reply to#141754
On 2024-06-03 14:11, Arno Welzel wrote:
> Wolf Greenblatt, 2024-06-02 23:13:
> 
>> By default, does Android scan every app you install for malware,
>> or does Android only scan apps installed from the Google Play Store?
> 
> That also depends on the device as well since some manufactures modify
> the official version of Android to their needs and some provide their
> own security solutions like Xiaomi.
> 
> However, by default Android will scan every app regardless where it came
> from.
> 
> Also see: Settings -> Security & privacy -> App security -> Play protect
> and the the "Play Protect settings" you can open with the settings icon
> on the top right. In these settings there is also the following option,
> which is enabled by default:
> 
> Improve harmful app detection
> Send unknown apps to Google for better detection
> 
> And "unknown apps" means apps which you did not install using Google
> Play but by using an APK file or alternative sources like F-Droid.

I assume that applications on the google play server are scanned "by the 
server", in advance, and other applications are scanned later, dunno if 
locally or after they are uploaded for scan at the server. Oh, rather 
the later: it says "Send unknown apps to Google for better detection"

-- 
Cheers, Carlos.

[toc] | [prev] | [next] | [standalone]


#141764

FromArno Welzel <usenet@arnowelzel.de>
Date2024-06-03 17:36 +0200
Message-ID<lc6685Fg23U1@mid.individual.net>
In reply to#141759
Carlos E.R., 2024-06-03 15:34:

> On 2024-06-03 14:11, Arno Welzel wrote:
[...]
>> Also see: Settings -> Security & privacy -> App security -> Play protect
>> and the the "Play Protect settings" you can open with the settings icon
>> on the top right. In these settings there is also the following option,
>> which is enabled by default:
>>
>> Improve harmful app detection
>> Send unknown apps to Google for better detection
>>
>> And "unknown apps" means apps which you did not install using Google
>> Play but by using an APK file or alternative sources like F-Droid.
> 
> I assume that applications on the google play server are scanned "by the 
> server", in advance, and other applications are scanned later, dunno if 
> locally or after they are uploaded for scan at the server. Oh, rather 
> the later: it says "Send unknown apps to Google for better detection"

I assume, Google Play services create some kind of signature for every
app and maintain a catalogue of known signatures of malicious apps and
app versions. Whenever a new app from outside of Google Play is
installed, the check will be, if the signature of that app is already
known and if not, it will be send for verification to the Google Play
servers where it will get scanned and the signature along with the scan
result will be stored. So next time the same app package will be
installed by someone else, Google Play already knows the signature and
can warn the user or stop the installation if the app is known to be
malicious.

-- 
Arno Welzel
https://arnowelzel.de

[toc] | [prev] | [next] | [standalone]


#141775

From"Carlos E.R." <robin_listas@es.invalid>
Date2024-06-04 00:36 +0200
Message-ID<a5t1jkxnhs.ln2@Telcontar.valinor>
In reply to#141764
On 2024-06-03 17:36, Arno Welzel wrote:
> Carlos E.R., 2024-06-03 15:34:
> 
>> On 2024-06-03 14:11, Arno Welzel wrote:
> [...]
>>> Also see: Settings -> Security & privacy -> App security -> Play protect
>>> and the the "Play Protect settings" you can open with the settings icon
>>> on the top right. In these settings there is also the following option,
>>> which is enabled by default:
>>>
>>> Improve harmful app detection
>>> Send unknown apps to Google for better detection
>>>
>>> And "unknown apps" means apps which you did not install using Google
>>> Play but by using an APK file or alternative sources like F-Droid.
>>
>> I assume that applications on the google play server are scanned "by the
>> server", in advance, and other applications are scanned later, dunno if
>> locally or after they are uploaded for scan at the server. Oh, rather
>> the later: it says "Send unknown apps to Google for better detection"
> 
> I assume, Google Play services create some kind of signature for every
> app and maintain a catalogue of known signatures of malicious apps and
> app versions. Whenever a new app from outside of Google Play is
> installed, the check will be, if the signature of that app is already
> known and if not, it will be send for verification to the Google Play
> servers where it will get scanned and the signature along with the scan
> result will be stored. So next time the same app package will be
> installed by someone else, Google Play already knows the signature and
> can warn the user or stop the installation if the app is known to be
> malicious.
> 

Probably.

However, if a single download is found malicious, all downloads of the 
same name will be flagged as suspicious, I suppose.


-- 
Cheers, Carlos.

[toc] | [prev] | [standalone]


Back to top | Article view | comp.mobile.android


csiph-web