Google Hunting Down Android Malware With Peer Group Analysis

Google Peer Grouping

Google is using a new technique called peer group analysis to find potentially malicious apps listed on the Play Store before they have a chance to endanger any devices, with the company detailing its efforts to do so earlier this week. The technique uses machine learning to group similar apps, then examine them for any standout differences. The AI is essentially looking for anything that’s out of the ordinary for that app category or could potentially be used for malicious purposes. A good example would be a currency conversion tool asking to access one’s address book, or a calculator app interested in location data. If anything strange is found by the AI, a Google security engineer will personally analyze the suspicious app.

The technology works by inspecting various factors to determine how to group apps. The obvious things like name and category are at the top of its priority list, though the AI also looks at factors both large and small, from an app’s description to its size and popularity. The goal is to create groups containing comparable apps, where the AI should have a significantly easier time guessing an app’s intended function and the permissions that it needs to do its job. A group of fairly small apps with “light” in their name, all requesting access to a device’s LED flash unit, would be a good example of a group – these are likely apps that are meant to serve as flashlights. If an app in this category requests any permissions that are out of character for its category or is significantly larger or smaller in size than its peers, it’s flagged by the AI and will be inspected by one of Google’s software experts.

One of the Alphabet-owned company’s biggest specialties is machine learning, and this isn’t the first time that the tech giant used such a technology to keep its users safe. The Verify Apps function built into Google Play Services is another example of a similar effort; it runs on any phone with Google’s app suite installed, and if it is allowed to, it will scan any app and look for potentially malicious code or behavior. Still, this tool can be bypassed if users want to install third-party content that they know could be unsafe, so for now, Google is only able to protect consumers who are downloading apps from the Play Store.