Is Google Play Safe?

Protect your Android from malware

Google Play
Google Inc.

In late 2018, Forbes reported that half-a-million Android users downloaded a virus from Google Play disguised as a racing game. Just a year earlier, Israeli cyber security firm Check Point Software Technologies discovered an Android virus that charges users’ phone bills for fraudulent text messages hidden within 50 apps on the Android Market. The infective apps were collectively downloaded 21.1 million times before Google finally removed them.

Google Play, also known as the Android Market, is the online store where Android users download mobile apps. Released in October 2008 with about 50 apps, Google Play is home to more than a million apps over a decade later. Although Google has tried to keep malware off of its platform, new reports of infected Google Play apps seem to pop up every year. Fortunately, you can lower your risk of downloading malicious software by following some simple best practices for staying safe online.

A History of Android and Malware

By default, Android devices are safe from "drive-by downloads," or malicious code that gets downloaded to your device without your consent or knowledge. Unless you manually change the security settings, you will always receive a notification before any new software is downloaded or installed. In other words, the only way to get a virus on your Android device is to willingly download it.

Unfortunately, cyber criminals have become very creative when it comes to hiding malware inside of seemingly harmless apps and uploading them to Google Play. Such malware doesn't just slow down your device; it can steal your personal data including your phone number, e-mail addresses and you even GPS coordinates. Once your device is infected with malware, it becomes vulnerable to even more outside attacks.

When compared to Apple’s App Store, Google Play’s track record with malware is less than stellar. Why is this so? Google and Apple have very different approaches to apps. While Apple operates within a tightly-controlled system where developers must pass Apple’s strict requirements, Google attempts to keep the installation approach as open as possible. With Android, you are able to conveniently install apps through multiple means, which include Google Play, non-Android stores, and sideloading. There’s hardly any red tape a developer must encounter when compared to Apple, which is how the bad guys submit their malicious apps.

How Google Play is Combating Malware

Google started taking malware in its app store seriously in 2012 with the launch of an Android security feature called Bouncer. Bouncer scans Google Play for malware and eliminates suspicious apps before they reach users. In the year it was released, the number of infectious apps on the mobile store dropped by only 40 percent. Security experts quickly found flaws in the system, and cyber criminals learned to disguise their malicious apps to subvert Bouncer.

Google latter introduced a built-in malware scanner for Android devices called Google Play Protect, but it hasn't fared much better than Bouncer at detecting apps that contain viruses. In comparative studies of various antivirus software, Google Play Protect consistently ranks last. Google finally implemented a human review process for apps in 2016; nonetheless, bad actors are always finding new ways to evade Google’s anti-malware measures, so it's up to individual Android users to keep their devices safe.

How To Stay Safe From Malware on Google Play

You can take the following preventive measures to lower your risk of installing infected apps:

  • Only download from reputable sources such as Google Play or the Amazon Appstore. Although Google Play isn't 100 percent safe from malware, it's safer than downloading unofficial apps.
  • Glance at app reviews. People will often rate an infected app poorly and will usually warn others through the app reviews.
  • Use strong antivirus protection such as Lookout Mobile Security, AVG, or Norton.
  • Do not root your device or change the default security settings.

How to Tell if You Downloaded a Virus From Google Play

It's not always immediately obvious that an app you've download is malicious. In fact, cyber criminals rely on users' ignorance to steal their data. If your device is running slower than usual, the cause could be either a virus or low storage. If you're suddenly bombarded with advertisements in your phone’s notification bar, or you notice mysterious icons popping up on your home screen, there's a good chance that you have malware.

Do you think that you downloaded a virus from Google Play? See How to Get Rid of an Android Virus From Your Phone.