Android malware crackdown: Google takes drastic action to protect Play Store apps

Android users have been given a big security boost with Google announcing new measures that should help root out vulnerabilities on popular Play Store apps. Android is one of the most used pieces of software in the world, with over two billion devices running the Google mobile OS. This humongous Android userbase hasn’t gone unnoticed by hackers, with malware threats regularly popping up.

Just recently Express.co.uk reported on how Google banned 17 dangerous Android apps that were located on the Google Play Store.

These Android apps were loaded with the ‘Joker’ malware which is capable of stealing SMS messages, entire contact lists, and device information as well as silently signing-up the victim for premium wireless application protocol (WAP) services.

This threat was merely the latest in a long line of Android warnings that have plagued users of Google’s mobile OS over the years.

But now the Mountain View firm is taking drastic action which should help strengthen the security of a number of Android apps that end up on the Google Play Store.

As revealed in a post by ZDNet, Google is creating a special Android security team that will root out dangerous bugs in sensitive apps.

The tech giant is currently recruiting for a security engineering manager that will look for vulnerabilities in “highly sensitive” third-party apps.

Among the apps that the new Google team will be looking at are COVID-19 contract tracing apps as well as election-related applications. This new team will work independently of the security researchers who highlight threats to Google via the Google Play Security Reward Program (GPSRP).

This is a bug bounty programme which rewards security experts that raise the alarm to Google over issues with Android apps located on the Google Play Store. This programme is only, however, limited to apps that have over 100million users.

The job description for the new security opening at Google says: “There’s no such thing as a ‘safe system’ – only safer systems. Our Security team works to create and maintain the safest operating environment for Google’s users and developers. As a Security Engineer, you help protect network boundaries, keep computer systems and network devices hardened against attacks and provide security services to protect highly sensitive data like passwords and customer information.

“Security Engineers work hands-on with network equipment and actively monitor our systems for attacks and intrusions. You also work with software engineers to proactively identify and fix security flaws and vulnerabilities.”

It adds: “As a Security Engineering Manager in Android Security, you’ll be protecting these people by leading a team that investigates and solves problems in vulnerability analysis. Your team will perform application security assessments against highly sensitive, third party Android apps on Google Play, working to identify vulnerabilities and provide remediation guidance to impacted application developers. You’ll also work with Android security teams, particularly those teams that work on app scanning and Google Play operations, to find new and creative ways to reduce the occurrence of Android application vulnerabilities at scale.

“You’ll face a wide variety of code quality issues, and work towards detecting flaws both obvious and highly discrete.”

Speaking to ZDNet, ESET’s Lukas Stefanko described Google’s latest efforts as “definitely a good move”.

Stefanko said: “Finding security issues with serious impact isn’t that easy and requires a lot of time and experience.”

Source: Read Full Article