I recently found this article on ThreatPost which detailed Google’s new app scanner which debuted with their latest version of Android, 4.2. With the new version of Jelly Bean, Google included an app verifier which is active by default. When users try to download an unsafe application with the verifier running, they will be notified that the app is either dangerous or potentially dangerous. If the app is potentially dangerous, the user can select to continue despite the threat. However, if the verifier finds the app actually dangerous, the installation will be blocked completely.
Via a previous article from Threatpost, the app scanner works on the client-side by scanning any non-Play Store apps against a database of known malicious apps. While Google can test any apps that exist server-side using more advanced techniques, this new scanner allows users to have at least a base level of security for any Android application.
By using the scanner, users should keep in mind that they are also giving Google access to some of their phones information. Namely, by using the app scanner, Google has access to URLs related to the app and general device information (ID, current build, IP address, etc.). Though the article does not mention anything, I assume Google would use this information to track down malicious app developers. By logging the URL, for example, that a download link for a dangerous app existed, Google could investigate any other potentially dangerous downloads on that URL.
For users who still wish to install third-party apps or do not want to share their information with Google, the app scanner can be turned off in the Settings menu for a device. For the general user, though, Google’s new app verifier is definitely a step in the right direction for Android. By introducing the scanner, Google should be able to bring the number of malicious apps attacking users down and seek out related apps in their own market.