Is Google Play Safe?

Protect your Android from malware


In late 2018, Forbes reported that half a million Android users downloaded a virus from Google Play disguised as a racing game. Just a year earlier, Israeli cybersecurity firm Check Point Software Technologies discovered an Android virus, hidden within 50 apps on the Android Market, that charges users’ phone bills for fraudulent text messages. The infected apps were collectively downloaded 21.1 million times before Google finally removed them.

Google Play, also known as the Android Market, is the online store where Android users download mobile apps. Released in October 2008 with about 50 apps, Google Play is home to more than a million apps over a decade later. Although Google has tried to keep malware off of its platform, new reports of infected Google Play apps seem to pop up every year. Fortunately, you can lower your risk of downloading malicious software by following some simple best practices for staying safe online.

A History of Android and Malware

By default, Android devices are safe from "drive-by downloads," or malicious code that gets downloaded to your device without your consent or knowledge. Unless you manually change the security settings, you will always receive a notification before any new software is downloaded or installed. In other words, the only way to get a virus on your Android device is to willingly download it.

Unfortunately, cybercriminals have become very creative when it comes to hiding malware inside of seemingly harmless apps and uploading them to Google Play. Such malware doesn't just slow down your device; it can steal your personal data, including your phone number, e-mail addresses, and even your GPS coordinates. Once infected with malware, your device becomes vulnerable to even more outside attacks.

When compared to Apple’s App Store, Google Play’s track record with malware is less than stellar. Why is this so? Google and Apple have very different approaches to apps. While Apple operates within a tightly controlled system where developers must pass Apple’s strict requirements, Google attempts to keep the installation approach as open as possible. With Android, you can conveniently install apps through multiple means, including Google Play, non-Android stores, and sideloading. When submitting their apps, developers have to negotiate a lot of red tape with Apple. That isn't the case with Android, which is one reason malicious apps are distributed more frequently through the latter system.

How Google Play Is Combating Malware

Google started taking malware in its app store seriously in 2012 with the launch of an Android security feature called Bouncer. Bouncer scans Google Play for malware and eliminates suspicious apps before they reach users. In the year it was released, the number of infected apps on the mobile store dropped by only 40 percent. Security experts quickly found flaws in the system, and cybercriminals learned to disguise their malicious apps to subvert Bouncer.

Google later introduced a built-in malware scanner for Android devices called Google Play Protect, but it hasn't fared much better than Bouncer at detecting apps that contain viruses. In comparative studies of various antivirus software, Google Play Protect consistently ranks last. Google finally implemented a human review process for apps in 2016; nonetheless, bad actors are always finding new ways to evade Google’s anti-malware measures, so it's up to individual Android users to keep their devices safe.

How to Stay Safe From Malware on Google Play

You can take the following preventive measures to lower your risk of installing infected apps:

  • Only download from reputable sources such as Google Play or the Amazon Appstore. Although Google Play isn't 100 percent safe from malware, it's safer than downloading unofficial apps.
  • Take a glance at app reviews. People will often rate an infected app poorly and will usually warn others through the app reviews.
  • Use strong antivirus protection such as Lookout Mobile Security, AVG, or Norton.
  • Do not root your device or change the default security settings.

How to Tell If You Downloaded a Virus From Google Play

It's not always immediately obvious that an app you've downloaded is malicious. In fact, cybercriminals rely on users' ignorance to steal their data. If your device is running slower than usual, the cause could be either a virus or low storage. If you're suddenly bombarded with advertisements in your phone’s notification bar, or you notice mysterious icons popping up on your home screen, there's a good chance you have malware.