Machine Learning Used in Detection of Harmful Android Apps

The Google Play Protect detection service, which scans Android apps for malicious activity, is enabled on more than 2 billion devices and detected 60.3 percent of Potentially Harmful Apps (PHAs) in 2017 using machine learning, according to Google’s Android Security 2017 Year in Review report. Google removed over 700,000 apps for violating its policies last year. While Play Protect uses a variety of tactics, machine learning is highly effective for catching PHAs, detecting things like inappropriate content, impersonation, and malware.

In order to be scanned, Play Protect used to require that devices be online, according to VentureBeat. But when Google “learned that 35 percent of new PHA installations were occurring while a device was offline,” it decided to develop a new feature to address that issue in particular. In October of 2017, it added an offline scanning feature to Play Protect and it has already detected and prevented 10 million PHA installs.


In most countries around the world, Android users get their apps via the Google Play store, which Play Protect aims to serve, but in some countries, people use third-party app stores, which often represent the only option to find and download new apps. But it’s riskier to use.

“Google revealed in its report that Android devices that only download apps from Google Play are 9 times less likely to get a PHA than devices that download apps from other sources,” reports VentureBeat.

Play Project has the ability to remove PHAs from the Google Play store, which it cannot do for third-party stores. For those Android users using outside services, “Play Protect can only warn an Android user that an app is a PHA, although in the case of ransomware or banking phishing apps, it can also block the installation,” notes VentureBeat. “Play Protect prevented 74 percent of PHA installation attempts with warnings and protections in 2017, compared to 55 percent in 2016.”

Play Protect’s efforts are reaping benefits across the board, according to the report. Last year, 0.56 percent of all devices scanned had a PHA, down from 0.77 percent the year before.

“Furthermore, the annual probability that a user downloaded a PHA from Google Play was 0.02 percent in 2017, down from 0.04 percent in 2017,” according to VentureBeat.