Earlier this month, we shared an overview of the ways we keep you safe, on Google and on the web, more broadly. Today, we wanted to specifically focus on one element of Android security—Potentially Harmful Applications—highlighting fraudsters’ common tactics, and how we shield you from these threats.
“Potentially Harmful Applications,” or PHAs, are Android applications that could harm you or your device, or do something unintended with the data on your device. Some examples of PHA badness include:
- Backdoors: Apps that let hackers control your device, giving them unauthorized access to your data.
- Billing fraud: Apps that charge you in an intentionally misleading way, like premium SMS scams or call scams.
- Spyware: Apps that collect personal information from your device without consent
- Hostile Downloads: Apps that download harmful programs, often through bundling with another program
- Trojan Apps: Apps that appear benign (e.g., a game that claims only to be a game) but actually perform undesirable actions.
As we described in the Safer Internet post, we have a variety of automated systems that help keep you safe on Android, starting with Verify Apps—one of our key defenses against PHAs.
Verify Apps is a cloud-based service that proactively checks every application prior to install to determine if the application is potentially harmful, and subsequently rechecks devices regularly to help ensure they’re safe. Verify Apps checks more than 6 billion installed applications and scans around 400 million devices per day. If Verify Apps detects a PHA before you install it or on your device if, it will prompt you to remove the app immediately.
Sometimes, Verify Apps will remove an application without requiring you to confirm the removal. This is an action we’ll take very rarely, but if a PHA is purely harmful, has no possible benefit to users, or is impossible for you to remove on your own, we’ll zap it automatically. Ongoing protection from Verify Apps has ensured that in 2015, over 99 percent of all Android devices were free of known PHAs.
Verify Apps is just one of many protections we’ve instituted on Android to keep billions of people and devices safe. Just as PHAs are constantly evolving their tactics, we’re constantly improving our protections. We’ll continue to take action when we have the slightest suspicion that something might not be right. And we’re committed to educating and protecting people from current and future security threats—on mobile and online in general.
To ensure Verify Apps is enabled on your Android device, please follow these steps: Settings>Personal>Security>Verify Apps>Scan device for security threats.