After launching the Google Play Protect Android service back in May 2017, Google today provided a closer look at how their machine learning-based app security scanner also helps Android users who don't install apps from the Google Play Store to stay safe.
According to Google's blog post, "Google Play Protect analyzes every app that it can find on the internet. We created a dataset by decomposing each app's APK and extracting PHA signals with deep analysis."
This means that even though one will install an Android app from an .APK Android app executable file, the Google Play Protect service will have potentially stumbled upon it while browsing the web searching for Android apps to scan.
Google Play Protect can protect Android users from Potentially Harmful Applications (PHAs), which according to Google's classification can be backdoors, spyware, data collection tools, denial of service tools, hostile downloaders, mobile billing, call, toll, and SMS frauds, phishing tools, ransomware, privilege escalation apps, rooting apps, spam, and Trojans.
Google Play Protect scours the web looking for apps to scan; no nook is safe
"With more than 50 billion apps scanned every day, our machine learning systems are always on the lookout for new risks, identifying potentially harmful apps and keeping them off your device or removing them," says Google.
The Android apps classified into a PHA category will be automatically blocked from being published in the Google Play store, with the Google Play Protect scan results being an integral part of the Google Play store evaluation process.
Google Play Protect's machine learning protections uses two main tools to detect and classify PHAs, the machine learning models it builds using deep learning and logistic regression, and the vast amounts of anonymous data it collects by analyzing all apps detected on the web and from the Google Play store.
Regarding the data collected by scanning apps found on the Internet, Google says that Google Play Protect will "execute various processes on each app to find particular features and behaviors that are relevant to the PHA categories in scope (for example, SMS fraud, phishing, privilege escalation)."