TL;DR: To combat the rising threat of sideloaded Android malware, Google Play Protect has introduced an additional layer of security. Now, before you install an app, it will prompt you to scan it. This scan will take place in real-time at the code level. After the scan, users will be informed whether the app is safe. Initially, this feature will be available in India, but it will be expanded to other regions in the upcoming months.

Google has announced it's powering up Google Play Protect to enhance its threat detection capabilities with real-time app scanning. This update comes in response to the increasing threats exploiting malicious apps outside the Google Play Store.

Since 2017, Google Play Protect has been the default antivirus tool for Android devices, scanning approximately 125 billion apps daily to prevent the spread of malware and other unwanted software, whether the app is downloaded from the Play Store or a sideloaded APK. However, these real-time scans primarily rely on established intelligence to determine if an app is malicious or suspicious, utilizing methods such as machine learning, similarity comparisons, among others.

But that is changing, and your phone will now recommend a scan before app installation. You will see an "App scan recommended" screen that will let you know that Play Protect is not familiar with the app, and Google will ask for your permission to add it to its database. As shown below, in such instances the available options will be "Scan app" or "Don't install app," implying that bypassing the scan might prevent the app's installation entirely. A third, "more details" button is also there but Google hasn't provided specifics about its functions.

When you authorize the scan, the app will be analyzed at the code level using Google's backend infrastructure. A real-time assessment will then inform you whether the app is safe. Google emphasizes that this feature will protect against polymorphic applications, which employ artificial intelligence or other techniques to conceal their malicious intentions.

The new feature is initially launching in India and will expand to other regions in the upcoming months. Given the annual security reports that Google used to release about the risks of sideloading, India seems an apt starting point. The country topped the list for malware distribution in a 2018 report and remains one of the biggest markets for Android devices.

Image credit: Brett Jordan