Skip to main content

Google’s virus-scanning Verify Apps feature for Android now reveals its secrets

quadrooter exploit qualcomm chips android devices flaw
Image used with permission by copyright holder
Googls’ Verify Apps feature is a valuable tool against folks who mean your phone — and the data it contains — serious harm. Since the Mountain View, California-based search giant introduced it in 2012 as a part of Android version 4.2 Jelly Bean’s new security feature, Verify Apps has played an active roll in checking Android software against a growing database of malware, exploits, and other nasty viruses. But it’s done so a little too quietly for some folks’ taste, apparently. That’s why in the interest of transparency, Verify Apps will begin reporting a list of the apps it’s most recently scanned.

It’s a change first spotted by Android Police. A new version of Verify Apps shows the four applications that have been most recently scanned in a carousel menu, accessible by launching the Android Settings menu, tapping the Google option, and selecting the Security tab. Other newly exposed details include the time when the scan was completed, along with a toggle that “improves detection” by permitting Google to copy unknown apps and an option to disable Verify Apps altogether.

According to Android Police, the update is being delivered as part of a new Google Play Services, a core Android component that synchronizes contacts, provides access to privacy settings, powers location-based services, and updates Google apps. Devices with version 10.0.x of the service lack the new carousel and settings menu, but those running 10.2.x do have it. Updates to Google Play Services are distributed via the Google Play Store, Android’s app marketplace.

At the RSA security conference in San Francisco on Wednesday, Google announced that Verify Apps scans more than 750 million Android devices each day, checking as many as 6 billion apps for malware.

But that’s not all Google’s been doing to ensure Android devices remain safe and secure. The search giant has worked with 351 wireless carriers to improve the time it takes to test security patches before deploying them to users, an effort that’s resulted in a reduction of the software approval process from six to nine weeks to just a week. It’s doled out $1 million to independent security researchers, an amount that’s on track to reach $2 million next year. And it’s pursued an aggressive strategy of encryption — as of December 2016, 80 percent of Android 7.x (Nougat) users use encryption.

Adrian Ludwig, director of Android security at Google, said social engineering — attacks that fool a user into installing an app that compromises his or her device’s security — as one of the biggest challenges facing app developers today.

“People don’t want to think about security,” he told members of the press at Wednesday’s RSA conference. “They just want it to be that way.”

Kyle Wiggers
Former Digital Trends Contributor
Kyle Wiggers is a writer, Web designer, and podcaster with an acute interest in all things tech. When not reviewing gadgets…
Google is launching a powerful new AI app for your Android phone
Google Gemini app on Android.

Remember Bard, Google’s answer to ChatGPT? Well, it is now officially called Gemini. Also, all those fancy AI features that previously went by the name Duet AI have been folded under the Gemini branding. In case you haven’t been following up all the AI development flood, the name is derived from the multi-modal large language model of the same name.

To go with the renaming efforts, Google has launched a standalone Gemini app on Android. Moreover, the Gemini experience is also being made available to iPhone users within the Google app on iOS. But wait, there’s more.

Read more
If you have one of these apps on your Android phone, delete it immediately
The app drawer on the Google Pixel 8 Pro.

The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.
The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp.
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately.
Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app's espionage activities.

A chat app doing serious damage

Read more
Google just redesigned one of its biggest apps, and it’s bad
Google Chat app on the Play Store.

Google Chat — Google's business-oriented messaging platform that is similar to Slack and Microsoft Teams — just got a big update for its Android and iOS apps. The update dramatically changes how you navigate the app and, uh, well, it sure is something.

Google Chat's mobile app used to be broken up into two pages: Chat (direct messages between you and other users) and Spaces (larger chat rooms for multiple people). As with most apps, you switched between these with a navigation bar at the bottom of your screen.

Read more