Google Hunting Down Android Malware With Peer Group Analysis


Google is using a new technique called peer group analysis to find potentially malicious apps listed on the Play Store before they have a chance to endanger any devices, with the company detailing its efforts to do so earlier this week. The technique uses machine learning to group similar apps, then examine them for any standout differences. The AI is essentially looking for anything that's out of the ordinary for that app category or could potentially be used for malicious purposes. A good example would be a currency conversion tool asking to access one's address book, or a calculator app interested in location data. If anything strange is found by the AI, a Google security engineer will personally analyze the suspicious app.

The technology works by inspecting various factors to determine how to group apps. The obvious things like name and category are at the top of its priority list, though the AI also looks at factors both large and small, from an app's description to its size and popularity. The goal is to create groups containing comparable apps, where the AI should have a significantly easier time guessing an app's intended function and the permissions that it needs to do its job. A group of fairly small apps with "light" in their name, all requesting access to a device's LED flash unit, would be a good example of a group – these are likely apps that are meant to serve as flashlights. If an app in this category requests any permissions that are out of character for its category or is significantly larger or smaller in size than its peers, it's flagged by the AI and will be inspected by one of Google's software experts.

One of the Alphabet-owned company's biggest specialties is machine learning, and this isn't the first time that the tech giant used such a technology to keep its users safe. The Verify Apps function built into Google Play Services is another example of a similar effort; it runs on any phone with Google's app suite installed, and if it is allowed to, it will scan any app and look for potentially malicious code or behavior. Still, this tool can be bypassed if users want to install third-party content that they know could be unsafe, so for now, Google is only able to protect consumers who are downloading apps from the Play Store.

Share this page

Copyright ©2017 Android Headlines. All Rights Reserved.

This post may contain affiliate links. See our privacy policy for more information.
Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, Voice assistants, AI technology development news in the Android world. Contact him at [email protected]

View Comments